Hello community, here is the log from the commit of package nginx for openSUSE:Factory checked in at 2020-02-09 20:47:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx (Old) and /work/SRC/openSUSE:Factory/.nginx.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx" Sun Feb 9 20:47:25 2020 rev:46 rq:769945 version:1.17.8 Changes: -------- --- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2020-01-23 15:55:44.151121550 +0100 +++ /work/SRC/openSUSE:Factory/.nginx.new.26092/nginx.changes 2020-02-09 20:47:26.670841688 +0100 @@ -1,0 +2,10 @@ +Sun Feb 2 01:03:07 UTC 2020 - Marcus Rueckert <mrueck...@suse.de> + +- Update to 1.17.8 + * Feature: variables support in the "grpc_pass" directive. + * Bugfix: a timeout might occur while handling pipelined requests + in an SSL connection; the bug had appeared in 1.17.5. + * Bugfix: in the "debug_points" directive when using HTTP/2. + Thanks to Daniil Bondarev. + +------------------------------------------------------------------- Old: ---- nginx-1.17.7.tar.gz nginx-1.17.7.tar.gz.asc New: ---- nginx-1.17.8.tar.gz nginx-1.17.8.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx.spec ++++++ --- /var/tmp/diff_new_pack.HfcqOu/_old 2020-02-09 20:47:27.446842131 +0100 +++ /var/tmp/diff_new_pack.HfcqOu/_new 2020-02-09 20:47:27.446842131 +0100 @@ -74,7 +74,7 @@ %endif # Name: nginx -Version: 1.17.7 +Version: 1.17.8 Release: 0 Summary: A HTTP server and IMAP/POP3 proxy server License: BSD-2-Clause ++++++ nginx-1.17.7.tar.gz -> nginx-1.17.8.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.7/CHANGES new/nginx-1.17.8/CHANGES --- old/nginx-1.17.7/CHANGES 2019-12-24 16:00:14.000000000 +0100 +++ new/nginx-1.17.8/CHANGES 2020-01-21 14:39:46.000000000 +0100 @@ -1,4 +1,15 @@ +Changes with nginx 1.17.8 21 Jan 2020 + + *) Feature: variables support in the "grpc_pass" directive. + + *) Bugfix: a timeout might occur while handling pipelined requests in an + SSL connection; the bug had appeared in 1.17.5. + + *) Bugfix: in the "debug_points" directive when using HTTP/2. + Thanks to Daniil Bondarev. + + Changes with nginx 1.17.7 24 Dec 2019 *) Bugfix: a segmentation fault might occur on start or during diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.7/CHANGES.ru new/nginx-1.17.8/CHANGES.ru --- old/nginx-1.17.7/CHANGES.ru 2019-12-24 16:00:12.000000000 +0100 +++ new/nginx-1.17.8/CHANGES.ru 2020-01-21 14:39:45.000000000 +0100 @@ -1,4 +1,15 @@ +Изменения в nginx 1.17.8 21.01.2020 + + *) Добавление: директива grpc_pass поддерживает переменные. + + *) Исправление: при обработке pipelined-запросов по SSL-соединению мог + произойти таймаут; ошибка появилась в 1.17.5. + + *) Исправление: в директиве debug_points при использовании HTTP/2. + Спасибо Даниилу Бондареву. + + Изменения в nginx 1.17.7 24.12.2019 *) Исправление: на старте или во время переконфигурации мог произойти diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.7/src/core/nginx.h new/nginx-1.17.8/src/core/nginx.h --- old/nginx-1.17.7/src/core/nginx.h 2019-12-24 16:00:09.000000000 +0100 +++ new/nginx-1.17.8/src/core/nginx.h 2020-01-21 14:39:42.000000000 +0100 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1017007 -#define NGINX_VERSION "1.17.7" +#define nginx_version 1017008 +#define NGINX_VERSION "1.17.8" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.7/src/event/ngx_event.c new/nginx-1.17.8/src/event/ngx_event.c --- old/nginx-1.17.7/src/event/ngx_event.c 2019-12-24 16:00:09.000000000 +0100 +++ new/nginx-1.17.8/src/event/ngx_event.c 2020-01-21 14:39:42.000000000 +0100 @@ -238,6 +238,7 @@ } if (!ngx_queue_empty(&ngx_posted_next_events)) { + ngx_event_move_posted_next(cycle); timer = 0; } @@ -261,7 +262,6 @@ } ngx_event_process_posted(cycle, &ngx_posted_events); - ngx_event_process_posted_next(cycle, &ngx_posted_next_events); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.7/src/event/ngx_event_openssl.c new/nginx-1.17.8/src/event/ngx_event_openssl.c --- old/nginx-1.17.7/src/event/ngx_event_openssl.c 2019-12-24 16:00:09.000000000 +0100 +++ new/nginx-1.17.8/src/event/ngx_event_openssl.c 2020-01-21 14:39:42.000000000 +0100 @@ -2017,6 +2017,10 @@ c->read->available = 0; c->read->ready = 0; + if (c->read->posted) { + ngx_delete_posted_event(c->read); + } + ngx_post_event(c->read, &ngx_posted_next_events); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.7/src/event/ngx_event_posted.c new/nginx-1.17.8/src/event/ngx_event_posted.c --- old/nginx-1.17.7/src/event/ngx_event_posted.c 2019-12-24 16:00:09.000000000 +0100 +++ new/nginx-1.17.8/src/event/ngx_event_posted.c 2020-01-21 14:39:42.000000000 +0100 @@ -37,26 +37,24 @@ void -ngx_event_process_posted_next(ngx_cycle_t *cycle, ngx_queue_t *posted) +ngx_event_move_posted_next(ngx_cycle_t *cycle) { ngx_queue_t *q; ngx_event_t *ev; - while (!ngx_queue_empty(posted)) { - - q = ngx_queue_head(posted); + for (q = ngx_queue_head(&ngx_posted_next_events); + q != ngx_queue_sentinel(&ngx_posted_next_events); + q = ngx_queue_next(q)) + { ev = ngx_queue_data(q, ngx_event_t, queue); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "posted next event %p", ev); - ngx_delete_posted_event(ev); - - if (!ev->ready) { - ev->ready = 1; - ev->available = -1; - } - - ev->handler(ev); + ev->ready = 1; + ev->available = -1; } + + ngx_queue_add(&ngx_posted_events, &ngx_posted_next_events); + ngx_queue_init(&ngx_posted_next_events); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.7/src/event/ngx_event_posted.h new/nginx-1.17.8/src/event/ngx_event_posted.h --- old/nginx-1.17.7/src/event/ngx_event_posted.h 2019-12-24 16:00:09.000000000 +0100 +++ new/nginx-1.17.8/src/event/ngx_event_posted.h 2020-01-21 14:39:42.000000000 +0100 @@ -39,7 +39,7 @@ void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted); -void ngx_event_process_posted_next(ngx_cycle_t *cycle, ngx_queue_t *posted); +void ngx_event_move_posted_next(ngx_cycle_t *cycle); extern ngx_queue_t ngx_posted_accept_events; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.7/src/http/modules/ngx_http_grpc_module.c new/nginx-1.17.8/src/http/modules/ngx_http_grpc_module.c --- old/nginx-1.17.7/src/http/modules/ngx_http_grpc_module.c 2019-12-24 16:00:09.000000000 +0100 +++ new/nginx-1.17.8/src/http/modules/ngx_http_grpc_module.c 2020-01-21 14:39:42.000000000 +0100 @@ -27,6 +27,9 @@ ngx_str_t host; ngx_uint_t host_set; + ngx_array_t *grpc_lengths; + ngx_array_t *grpc_values; + #if (NGX_HTTP_SSL) ngx_uint_t ssl; ngx_uint_t ssl_protocols; @@ -119,6 +122,8 @@ unsigned status:1; ngx_http_request_t *request; + + ngx_str_t host; } ngx_http_grpc_ctx_t; @@ -135,6 +140,8 @@ } ngx_http_grpc_frame_t; +static ngx_int_t ngx_http_grpc_eval(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_http_grpc_loc_conf_t *glcf); static ngx_int_t ngx_http_grpc_create_request(ngx_http_request_t *r); static ngx_int_t ngx_http_grpc_reinit_request(ngx_http_request_t *r); static ngx_int_t ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in); @@ -524,23 +531,41 @@ return NGX_HTTP_INTERNAL_SERVER_ERROR; } + ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_grpc_ctx_t)); + if (ctx == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + ctx->request = r; + + ngx_http_set_ctx(r, ctx, ngx_http_grpc_module); + glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module); u = r->upstream; + if (glcf->grpc_lengths == NULL) { + ctx->host = glcf->host; + #if (NGX_HTTP_SSL) - u->ssl = (glcf->upstream.ssl != NULL); + u->ssl = (glcf->upstream.ssl != NULL); - if (u->ssl) { - ngx_str_set(&u->schema, "grpcs://"); + if (u->ssl) { + ngx_str_set(&u->schema, "grpcs://"); - } else { - ngx_str_set(&u->schema, "grpc://"); - } + } else { + ngx_str_set(&u->schema, "grpc://"); + } #else - ngx_str_set(&u->schema, "grpc://"); + ngx_str_set(&u->schema, "grpc://"); #endif + } else { + if (ngx_http_grpc_eval(r, ctx, glcf) != NGX_OK) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + } + u->output.tag = (ngx_buf_tag_t) &ngx_http_grpc_module; u->conf = &glcf->upstream; @@ -551,15 +576,6 @@ u->abort_request = ngx_http_grpc_abort_request; u->finalize_request = ngx_http_grpc_finalize_request; - ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_grpc_ctx_t)); - if (ctx == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - - ctx->request = r; - - ngx_http_set_ctx(r, ctx, ngx_http_grpc_module); - u->input_filter_init = ngx_http_grpc_filter_init; u->input_filter = ngx_http_grpc_filter; u->input_filter_ctx = ctx; @@ -577,6 +593,103 @@ static ngx_int_t +ngx_http_grpc_eval(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx, + ngx_http_grpc_loc_conf_t *glcf) +{ + size_t add; + ngx_url_t url; + ngx_http_upstream_t *u; + + ngx_memzero(&url, sizeof(ngx_url_t)); + + if (ngx_http_script_run(r, &url.url, glcf->grpc_lengths->elts, 0, + glcf->grpc_values->elts) + == NULL) + { + return NGX_ERROR; + } + + if (url.url.len > 7 + && ngx_strncasecmp(url.url.data, (u_char *) "grpc://", 7) == 0) + { + add = 7; + + } else if (url.url.len > 8 + && ngx_strncasecmp(url.url.data, (u_char *) "grpcs://", 8) == 0) + { + +#if (NGX_HTTP_SSL) + add = 8; + r->upstream->ssl = 1; +#else + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "grpcs protocol requires SSL support"); + return NGX_ERROR; +#endif + + } else { + add = 0; + } + + u = r->upstream; + + if (add) { + u->schema.len = add; + u->schema.data = url.url.data; + + url.url.data += add; + url.url.len -= add; + + } else { + ngx_str_set(&u->schema, "grpc://"); + } + + url.no_resolve = 1; + + if (ngx_parse_url(r->pool, &url) != NGX_OK) { + if (url.err) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "%s in upstream \"%V\"", url.err, &url.url); + } + + return NGX_ERROR; + } + + u->resolved = ngx_pcalloc(r->pool, sizeof(ngx_http_upstream_resolved_t)); + if (u->resolved == NULL) { + return NGX_ERROR; + } + + if (url.addrs) { + u->resolved->sockaddr = url.addrs[0].sockaddr; + u->resolved->socklen = url.addrs[0].socklen; + u->resolved->name = url.addrs[0].name; + u->resolved->naddrs = 1; + } + + u->resolved->host = url.host; + u->resolved->port = url.port; + u->resolved->no_port = url.no_port; + + if (url.family != AF_UNIX) { + + if (url.no_port) { + ctx->host = url.host; + + } else { + ctx->host.len = url.host.len + 1 + url.port_text.len; + ctx->host.data = url.host.data; + } + + } else { + ngx_str_set(&ctx->host, "localhost"); + } + + return NGX_OK; +} + + +static ngx_int_t ngx_http_grpc_create_request(ngx_http_request_t *r) { u_char *p, *tmp, *key_tmp, *val_tmp, *headers_frame; @@ -587,6 +700,7 @@ ngx_chain_t *cl, *body; ngx_list_part_t *part; ngx_table_elt_t *header; + ngx_http_grpc_ctx_t *ctx; ngx_http_upstream_t *u; ngx_http_grpc_frame_t *f; ngx_http_script_code_pt code; @@ -598,6 +712,8 @@ glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module); + ctx = ngx_http_get_module_ctx(r, ngx_http_grpc_module); + len = sizeof(ngx_http_grpc_connection_start) - 1 + sizeof(ngx_http_grpc_frame_t); /* headers frame */ @@ -637,10 +753,10 @@ /* :authority header */ if (!glcf->host_set) { - len += 1 + NGX_HTTP_V2_INT_OCTETS + glcf->host.len; + len += 1 + NGX_HTTP_V2_INT_OCTETS + ctx->host.len; - if (tmp_len < glcf->host.len) { - tmp_len = glcf->host.len; + if (tmp_len < ctx->host.len) { + tmp_len = ctx->host.len; } } @@ -785,7 +901,7 @@ } #if (NGX_HTTP_SSL) - if (glcf->ssl) { + if (u->ssl) { *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX); ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, @@ -846,11 +962,11 @@ if (!glcf->host_set) { *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_AUTHORITY_INDEX); - b->last = ngx_http_v2_write_value(b->last, glcf->host.data, - glcf->host.len, tmp); + b->last = ngx_http_v2_write_value(b->last, ctx->host.data, + ctx->host.len, tmp); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "grpc header: \":authority: %V\"", &glcf->host); + "grpc header: \":authority: %V\"", &ctx->host); } ngx_memzero(&e, sizeof(ngx_http_script_engine_t)); @@ -4319,15 +4435,23 @@ clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); - if (clcf->noname && conf->upstream.upstream == NULL) { + if (clcf->noname + && conf->upstream.upstream == NULL && conf->grpc_lengths == NULL) + { conf->upstream.upstream = prev->upstream.upstream; conf->host = prev->host; + + conf->grpc_lengths = prev->grpc_lengths; + conf->grpc_values = prev->grpc_values; + #if (NGX_HTTP_SSL) conf->upstream.ssl = prev->upstream.ssl; #endif } - if (clcf->lmt_excpt && clcf->handler == NULL && conf->upstream.upstream) { + if (clcf->lmt_excpt && clcf->handler == NULL + && (conf->upstream.upstream || conf->grpc_lengths)) + { clcf->handler = ngx_http_grpc_handler; } @@ -4537,18 +4661,54 @@ { ngx_http_grpc_loc_conf_t *glcf = conf; - size_t add; - ngx_str_t *value, *url; - ngx_url_t u; - ngx_http_core_loc_conf_t *clcf; + size_t add; + ngx_str_t *value, *url; + ngx_url_t u; + ngx_uint_t n; + ngx_http_core_loc_conf_t *clcf; + ngx_http_script_compile_t sc; - if (glcf->upstream.upstream) { + if (glcf->upstream.upstream || glcf->grpc_lengths) { return "is duplicate"; } + clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); + + clcf->handler = ngx_http_grpc_handler; + + if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { + clcf->auto_redirect = 1; + } + value = cf->args->elts; + url = &value[1]; + n = ngx_http_script_variables_count(url); + + if (n) { + + ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); + + sc.cf = cf; + sc.source = url; + sc.lengths = &glcf->grpc_lengths; + sc.values = &glcf->grpc_values; + sc.variables = n; + sc.complete_lengths = 1; + sc.complete_values = 1; + + if (ngx_http_script_compile(&sc) != NGX_OK) { + return NGX_CONF_ERROR; + } + +#if (NGX_HTTP_SSL) + glcf->ssl = 1; +#endif + + return NGX_CONF_OK; + } + if (ngx_strncasecmp(url->data, (u_char *) "grpc://", 7) == 0) { add = 7; @@ -4593,14 +4753,6 @@ ngx_str_set(&glcf->host, "localhost"); } - clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); - - clcf->handler = ngx_http_grpc_handler; - - if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { - clcf->auto_redirect = 1; - } - return NGX_CONF_OK; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.7/src/http/v2/ngx_http_v2.c new/nginx-1.17.8/src/http/v2/ngx_http_v2.c --- old/nginx-1.17.7/src/http/v2/ngx_http_v2.c 2019-12-24 16:00:09.000000000 +0100 +++ new/nginx-1.17.8/src/http/v2/ngx_http_v2.c 2020-01-21 14:39:42.000000000 +0100 @@ -2466,10 +2466,6 @@ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, "http2 state connection error"); - if (err == NGX_HTTP_V2_INTERNAL_ERROR) { - ngx_debug_point(); - } - ngx_http_v2_finalize_connection(h2c, err); return NULL;