Hello community, here is the log from the commit of package nginx for openSUSE:Factory checked in at 2017-12-19 10:58:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx (Old) and /work/SRC/openSUSE:Factory/.nginx.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx" Tue Dec 19 10:58:50 2017 rev:18 rq:558079 version:1.13.7 Changes: -------- --- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2017-10-20 14:47:12.672481885 +0200 +++ /work/SRC/openSUSE:Factory/.nginx.new/nginx.changes 2017-12-19 10:58:54.504131189 +0100 @@ -1,0 +2,21 @@ +Mon Dec 18 02:59:27 UTC 2017 - [email protected] + +- update to version 1.13.7 + - Bugfix: in the $upstream_status variable. + - Bugfix: a segmentation fault might occur in a worker process + if a backend returned a "101 Switching Protocols" response to + a subrequest. + - Bugfix: a segmentation fault occurred in a master process if a + shared memory zone size was changed during a reconfiguration + and the reconfiguration failed. + - Bugfix: in the ngx_http_fastcgi_module. + - Bugfix: nginx returned the 500 error if parameters without + variables were specified in the "xslt_stylesheet" directive. + - Workaround: "gzip filter failed to use preallocated memory" + alerts appeared in logs when using a zlib library variant + from Intel. + - Bugfix: the "worker_shutdown_timeout" directive did not work + when using mail proxy and when proxying WebSocket connections. +- partial cleanup with spec-cleaner + +------------------------------------------------------------------- Old: ---- nginx-1.13.6.tar.gz nginx-1.13.6.tar.gz.asc New: ---- nginx-1.13.7.tar.gz nginx-1.13.7.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx.spec ++++++ --- /var/tmp/diff_new_pack.9sWSii/_old 2017-12-19 10:58:55.268094309 +0100 +++ /var/tmp/diff_new_pack.9sWSii/_new 2017-12-19 10:58:55.268094309 +0100 @@ -69,7 +69,7 @@ %define ngx_doc_dir %{_datadir}/doc/packages/%{name} # Name: nginx -Version: 1.13.6 +Version: 1.13.7 Release: 0 %define ngx_fancyindex_version 0.4.1 %define ngx_fancyindex_module_path ngx-fancyindex-%{ngx_fancyindex_version} @@ -127,7 +127,6 @@ Conflicts: otherproviders(nginx) Provides: http_daemon Provides: httpd -BuildRoot: %{_tmppath}/%{name}-%{version}-build # BuildRequires: libGeoIP-devel # @@ -260,7 +259,7 @@ make %{?_smp_mflags} %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install %perl_process_packlist install -d -m 0750 %{buildroot}%{ngx_home}/{,tmp,proxy,fastcgi,scgi,uwsgi} @@ -342,7 +341,6 @@ %endif %files -%defattr(-,root,root) %dir %{ngx_conf_dir}/ %config(noreplace) %{ngx_conf_dir}/koi-utf %config(noreplace) %{ngx_conf_dir}/koi-win @@ -400,7 +398,6 @@ %{_datadir}/nginx/ %files -n vim-plugin-nginx -%defattr(-,root,root) %dir %{vim_data_dir}/ftdetect/ %{vim_data_dir}/ftdetect/nginx.vim %{vim_data_dir}/ftplugin/nginx.vim ++++++ nginx-1.13.6.tar.gz -> nginx-1.13.7.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/CHANGES new/nginx-1.13.7/CHANGES --- old/nginx-1.13.6/CHANGES 2017-10-10 17:22:59.000000000 +0200 +++ new/nginx-1.13.7/CHANGES 2017-11-21 16:09:52.000000000 +0100 @@ -1,4 +1,28 @@ +Changes with nginx 1.13.7 21 Nov 2017 + + *) Bugfix: in the $upstream_status variable. + + *) Bugfix: a segmentation fault might occur in a worker process if a + backend returned a "101 Switching Protocols" response to a + subrequest. + + *) Bugfix: a segmentation fault occurred in a master process if a shared + memory zone size was changed during a reconfiguration and the + reconfiguration failed. + + *) Bugfix: in the ngx_http_fastcgi_module. + + *) Bugfix: nginx returned the 500 error if parameters without variables + were specified in the "xslt_stylesheet" directive. + + *) Workaround: "gzip filter failed to use preallocated memory" alerts + appeared in logs when using a zlib library variant from Intel. + + *) Bugfix: the "worker_shutdown_timeout" directive did not work when + using mail proxy and when proxying WebSocket connections. + + Changes with nginx 1.13.6 10 Oct 2017 *) Bugfix: switching to the next upstream server in the stream module diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/CHANGES.ru new/nginx-1.13.7/CHANGES.ru --- old/nginx-1.13.6/CHANGES.ru 2017-10-10 17:22:56.000000000 +0200 +++ new/nginx-1.13.7/CHANGES.ru 2017-11-21 16:09:49.000000000 +0100 @@ -1,4 +1,28 @@ +Изменения в nginx 1.13.7 21.11.2017 + + *) Исправление: в переменной $upstream_status. + + *) Исправление: в рабочем процессе мог произойти segmentation fault, + если бэкенд возвращал ответ "101 Switching Protocols" на подзапрос. + + *) Исправление: если при переконфигурации изменялся размер зоны + разделяемой памяти и переконфигурация завершалась неудачно, то в + главном процессе происходил segmentation fault. + + *) Исправление: в модуле ngx_http_fastcgi_module. + + *) Исправление: nginx возвращал ошибку 500, если в директиве + xslt_stylesheet были заданы параметры без использования переменных. + + *) Изменение: при использовании варианта библиотеки zlib от Intel в лог + писались сообщения "gzip filter failed to use preallocated memory". + + *) Исправление: директива worker_shutdown_timeout не работала при + использовании почтового прокси-сервера и при проксировании + WebSocket-соединений. + + Изменения в nginx 1.13.6 10.10.2017 *) Исправление: при использовании директивы ssl_preread в модуле stream diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/core/nginx.h new/nginx-1.13.7/src/core/nginx.h --- old/nginx-1.13.6/src/core/nginx.h 2017-10-10 17:22:51.000000000 +0200 +++ new/nginx-1.13.7/src/core/nginx.h 2017-11-21 16:09:44.000000000 +0100 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1013006 -#define NGINX_VERSION "1.13.6" +#define nginx_version 1013007 +#define NGINX_VERSION "1.13.7" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/core/ngx_conf_file.h new/nginx-1.13.7/src/core/ngx_conf_file.h --- old/nginx-1.13.6/src/core/ngx_conf_file.h 2017-10-10 17:22:51.000000000 +0200 +++ new/nginx-1.13.7/src/core/ngx_conf_file.h 2017-11-21 16:09:44.000000000 +0100 @@ -128,7 +128,7 @@ ngx_uint_t cmd_type; ngx_conf_handler_pt handler; - char *handler_conf; + void *handler_conf; }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/core/ngx_cycle.c new/nginx-1.13.7/src/core/ngx_cycle.c --- old/nginx-1.13.6/src/core/ngx_cycle.c 2017-10-10 17:22:51.000000000 +0200 +++ new/nginx-1.13.7/src/core/ngx_cycle.c 2017-11-21 16:09:44.000000000 +0100 @@ -470,8 +470,6 @@ goto shm_zone_found; } - ngx_shm_free(&oshm_zone[n].shm); - break; } @@ -662,14 +660,26 @@ n = 0; } - if (oshm_zone[i].shm.name.len == shm_zone[n].shm.name.len - && ngx_strncmp(oshm_zone[i].shm.name.data, - shm_zone[n].shm.name.data, - oshm_zone[i].shm.name.len) - == 0) + if (oshm_zone[i].shm.name.len != shm_zone[n].shm.name.len) { + continue; + } + + if (ngx_strncmp(oshm_zone[i].shm.name.data, + shm_zone[n].shm.name.data, + oshm_zone[i].shm.name.len) + != 0) + { + continue; + } + + if (oshm_zone[i].tag == shm_zone[n].tag + && oshm_zone[i].shm.size == shm_zone[n].shm.size + && !oshm_zone[i].noreuse) { goto live_shm_zone; } + + break; } ngx_shm_free(&oshm_zone[i].shm); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/event/ngx_event_openssl.h new/nginx-1.13.7/src/event/ngx_event_openssl.h --- old/nginx-1.13.6/src/event/ngx_event_openssl.h 2017-10-10 17:22:52.000000000 +0200 +++ new/nginx-1.13.7/src/event/ngx_event_openssl.h 2017-11-21 16:09:44.000000000 +0100 @@ -22,6 +22,7 @@ #include <openssl/engine.h> #endif #include <openssl/evp.h> +#include <openssl/hmac.h> #ifndef OPENSSL_NO_OCSP #include <openssl/ocsp.h> #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/http/modules/ngx_http_fastcgi_module.c new/nginx-1.13.7/src/http/modules/ngx_http_fastcgi_module.c --- old/nginx-1.13.6/src/http/modules/ngx_http_fastcgi_module.c 2017-10-10 17:22:52.000000000 +0200 +++ new/nginx-1.13.7/src/http/modules/ngx_http_fastcgi_module.c 2017-11-21 16:09:44.000000000 +0100 @@ -2646,6 +2646,7 @@ } } + f->pos = p; f->state = state; return NGX_AGAIN; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/http/modules/ngx_http_gzip_filter_module.c new/nginx-1.13.7/src/http/modules/ngx_http_gzip_filter_module.c --- old/nginx-1.13.6/src/http/modules/ngx_http_gzip_filter_module.c 2017-10-10 17:22:52.000000000 +0200 +++ new/nginx-1.13.7/src/http/modules/ngx_http_gzip_filter_module.c 2017-11-21 16:09:44.000000000 +0100 @@ -57,6 +57,7 @@ unsigned nomem:1; unsigned gzheader:1; unsigned buffering:1; + unsigned intel:1; size_t zin; size_t zout; @@ -233,6 +234,8 @@ static ngx_http_output_header_filter_pt ngx_http_next_header_filter; static ngx_http_output_body_filter_pt ngx_http_next_body_filter; +static ngx_uint_t ngx_http_gzip_assume_intel; + static ngx_int_t ngx_http_gzip_header_filter(ngx_http_request_t *r) @@ -527,7 +530,27 @@ * *) 5920 bytes on amd64 and sparc64 */ - ctx->allocated = 8192 + (1 << (wbits + 2)) + (1 << (memlevel + 9)); + if (!ngx_http_gzip_assume_intel) { + ctx->allocated = 8192 + (1 << (wbits + 2)) + (1 << (memlevel + 9)); + + } else { + /* + * A zlib variant from Intel, https://github.com/jtkukunas/zlib. + * It can force window bits to 13 for fast compression level, + * on processors with SSE 4.2 it uses 64K hash instead of scaling + * it from the specified memory level, and also introduces + * 16-byte padding in one out of the two window-sized buffers. + */ + + if (conf->level == 1) { + wbits = ngx_max(wbits, 13); + } + + ctx->allocated = 8192 + 16 + (1 << (wbits + 2)) + + (1 << (ngx_max(memlevel, 8) + 8)) + + (1 << (memlevel + 8)); + ctx->intel = 1; + } } @@ -1003,7 +1026,7 @@ alloc = items * size; - if (alloc % 512 != 0 && alloc < 8192) { + if (items == 1 && alloc % 512 != 0 && alloc < 8192) { /* * The zlib deflate_state allocation, it takes about 6K, @@ -1025,9 +1048,14 @@ return p; } - ngx_log_error(NGX_LOG_ALERT, ctx->request->connection->log, 0, - "gzip filter failed to use preallocated memory: %ud of %ui", - items * size, ctx->allocated); + if (ctx->intel) { + ngx_log_error(NGX_LOG_ALERT, ctx->request->connection->log, 0, + "gzip filter failed to use preallocated memory: " + "%ud of %ui", items * size, ctx->allocated); + + } else { + ngx_http_gzip_assume_intel = 1; + } p = ngx_palloc(ctx->request->pool, items * size); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/http/modules/ngx_http_ssi_filter_module.c new/nginx-1.13.7/src/http/modules/ngx_http_ssi_filter_module.c --- old/nginx-1.13.6/src/http/modules/ngx_http_ssi_filter_module.c 2017-10-10 17:22:52.000000000 +0200 +++ new/nginx-1.13.7/src/http/modules/ngx_http_ssi_filter_module.c 2017-11-21 16:09:45.000000000 +0100 @@ -1630,8 +1630,7 @@ u_char ch, *p, **value, *data, *part_data; size_t *size, len, prefix, part_len; ngx_str_t var, *val; - ngx_int_t key; - ngx_uint_t i, n, bracket, quoted; + ngx_uint_t i, n, bracket, quoted, key; ngx_array_t lengths, values; ngx_http_variable_value_t *vv; @@ -1883,9 +1882,8 @@ int rc, *captures; u_char *p, errstr[NGX_MAX_CONF_ERRSTR]; size_t size; - ngx_int_t key; ngx_str_t *vv, name, value; - ngx_uint_t i, n; + ngx_uint_t i, n, key; ngx_http_ssi_ctx_t *ctx; ngx_http_ssi_var_t *var; ngx_regex_compile_t rgc; @@ -1988,10 +1986,10 @@ ngx_http_ssi_include(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx, ngx_str_t **params) { - ngx_int_t rc, key; + ngx_int_t rc; ngx_str_t *uri, *file, *wait, *set, *stub, args; ngx_buf_t *b; - ngx_uint_t flags, i; + ngx_uint_t flags, i, key; ngx_chain_t *cl, *tl, **ll, *out; ngx_http_request_t *sr; ngx_http_ssi_var_t *var; @@ -2248,9 +2246,9 @@ { u_char *p; uintptr_t len; - ngx_int_t key; ngx_buf_t *b; ngx_str_t *var, *value, *enc, text; + ngx_uint_t key; ngx_chain_t *cl; ngx_http_variable_value_t *vv; @@ -2410,8 +2408,9 @@ ngx_http_ssi_set(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx, ngx_str_t **params) { - ngx_int_t key, rc; + ngx_int_t rc; ngx_str_t *name, *value, *vv; + ngx_uint_t key; ngx_http_ssi_var_t *var; ngx_http_ssi_ctx_t *mctx; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/http/modules/ngx_http_xslt_filter_module.c new/nginx-1.13.7/src/http/modules/ngx_http_xslt_filter_module.c --- old/nginx-1.13.6/src/http/modules/ngx_http_xslt_filter_module.c 2017-10-10 17:22:52.000000000 +0200 +++ new/nginx-1.13.7/src/http/modules/ngx_http_xslt_filter_module.c 2017-11-21 16:09:45.000000000 +0100 @@ -686,8 +686,19 @@ * specified in xslt_stylesheet directives */ - p = string.data; - last = string.data + string.len; + if (param[i].value.lengths) { + p = string.data; + + } else { + p = ngx_pnalloc(r->pool, string.len + 1); + if (p == NULL) { + return NGX_ERROR; + } + + ngx_memcpy(p, string.data, string.len + 1); + } + + last = p + string.len; while (p && *p) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/http/ngx_http_postpone_filter_module.c new/nginx-1.13.7/src/http/ngx_http_postpone_filter_module.c --- old/nginx-1.13.6/src/http/ngx_http_postpone_filter_module.c 2017-10-10 17:22:52.000000000 +0200 +++ new/nginx-1.13.7/src/http/ngx_http_postpone_filter_module.c 2017-11-21 16:09:45.000000000 +0100 @@ -63,7 +63,10 @@ if (r != c->data) { if (in) { - ngx_http_postpone_filter_add(r, in); + if (ngx_http_postpone_filter_add(r, in) != NGX_OK) { + return NGX_ERROR; + } + return NGX_OK; } @@ -86,7 +89,9 @@ } if (in) { - ngx_http_postpone_filter_add(r, in); + if (ngx_http_postpone_filter_add(r, in) != NGX_OK) { + return NGX_ERROR; + } } do { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/http/ngx_http_request.c new/nginx-1.13.7/src/http/ngx_http_request.c --- old/nginx-1.13.6/src/http/ngx_http_request.c 2017-10-10 17:22:52.000000000 +0200 +++ new/nginx-1.13.7/src/http/ngx_http_request.c 2017-11-21 16:09:45.000000000 +0100 @@ -2225,6 +2225,13 @@ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, "http run request: \"%V?%V\"", &r->uri, &r->args); + if (c->close) { + r->main->count++; + ngx_http_terminate_request(r, 0); + ngx_http_run_posted_requests(c); + return; + } + if (ev->delayed && ev->timedout) { ev->delayed = 0; ev->timedout = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/http/ngx_http_upstream.c new/nginx-1.13.7/src/http/ngx_http_upstream.c --- old/nginx-1.13.6/src/http/ngx_http_upstream.c 2017-10-10 17:22:52.000000000 +0200 +++ new/nginx-1.13.7/src/http/ngx_http_upstream.c 2017-11-21 16:09:45.000000000 +0100 @@ -3206,6 +3206,13 @@ /* TODO: prevent upgrade if not requested or not possible */ + if (r != r->main) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, + "connection upgrade in subrequest"); + ngx_http_upstream_finalize_request(r, u, NGX_ERROR); + return; + } + r->keepalive = 0; c->log->action = "proxying upgraded connection"; @@ -4111,6 +4118,7 @@ switch (ft_type) { case NGX_HTTP_UPSTREAM_FT_TIMEOUT: + case NGX_HTTP_UPSTREAM_FT_HTTP_504: status = NGX_HTTP_GATEWAY_TIME_OUT; break; @@ -4118,6 +4126,10 @@ status = NGX_HTTP_INTERNAL_SERVER_ERROR; break; + case NGX_HTTP_UPSTREAM_FT_HTTP_503: + status = NGX_HTTP_SERVICE_UNAVAILABLE; + break; + case NGX_HTTP_UPSTREAM_FT_HTTP_403: status = NGX_HTTP_FORBIDDEN; break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/mail/ngx_mail_proxy_module.c new/nginx-1.13.7/src/mail/ngx_mail_proxy_module.c --- old/nginx-1.13.6/src/mail/ngx_mail_proxy_module.c 2017-10-10 17:22:52.000000000 +0200 +++ new/nginx-1.13.7/src/mail/ngx_mail_proxy_module.c 2017-11-21 16:09:45.000000000 +0100 @@ -882,10 +882,13 @@ c = ev->data; s = c->data; - if (ev->timedout) { + if (ev->timedout || c->close) { c->log->action = "proxying"; - if (c == s->connection) { + if (c->close) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, "shutdown timeout"); + + } else if (c == s->connection) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); c->timedout = 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.13.6/src/stream/ngx_stream_proxy_module.c new/nginx-1.13.7/src/stream/ngx_stream_proxy_module.c --- old/nginx-1.13.6/src/stream/ngx_stream_proxy_module.c 2017-10-10 17:22:53.000000000 +0200 +++ new/nginx-1.13.7/src/stream/ngx_stream_proxy_module.c 2017-11-21 16:09:45.000000000 +0100 @@ -1290,6 +1290,12 @@ s = c->data; u = s->upstream; + if (c->close) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, "shutdown timeout"); + ngx_stream_proxy_finalize(s, NGX_STREAM_OK); + return; + } + c = s->connection; pc = u->peer.connection;
