Commit Graph

268 Commits

Author SHA1 Message Date
Datong Sun 93f785eed6 feature: added patches to the nginx core to make sure ngx_stream_ssl_preread_module will not skip the rest of the preread phase when SNI server name parsing was successful.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2018-01-14 22:40:09 -08:00
Datong Sun 30fa60ad5d patches: updated 1.13.6 balancer_status_code.patch and added patch for 1.13.8 as well.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2018-01-09 17:52:04 -08:00
spacewander ee6b26e347 feature: added the sess_set_get_cb_yield patch for OpenSSL 1.1.0d and beyond.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2018-01-05 23:38:32 -08:00
spacewander a0dc14761a feature: added the sess_set_get_cb_yield patch for OpenSSL 1.1.0c and beyond.
The patch is based on

https://patch-diff.githubusercontent.com/raw/openssl/openssl/pull/1588.patch,

with some minor modifications.

Thanks Alessandro Ghedini for the ground work.

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2018-01-05 14:41:47 -08:00
Yichun Zhang (agentzh) 84734aa1f9 bugfix: fixed double free issues in the new init_cycle_pool_release patch for the nginx core. 2017-12-17 00:03:29 -08:00
Yichun Zhang (agentzh) f721f66b4e feature: applied the init_cycle_pool_release patch to nginx 1.13.6+ cores to make it valgrind or asan clean. 2017-12-16 12:41:12 -08:00
Yichun Zhang (agentzh) a1109b8dd2 upgraded the nginx core to 1.13.6. 2017-10-26 09:33:38 -07:00
Datong Sun 94766f7a41 patches: ensure "server" header in HTTP/2 response shows "openresty" when server_tokens are turned off.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2017-09-19 19:46:55 -07:00
Yichun Zhang (agentzh) 4eae6e2415 upgraded the nginx core to 1.13.5. 2017-09-15 23:38:48 -07:00
Yichun Zhang (agentzh) 3e2540f6a0 upgraded nginx core to 1.13.4. 2017-09-01 12:37:07 -07:00
Datong Sun 4b594fdce6 feature: added nginx core patches needed by ngx_stream_lua_module's balancer_by_lua*.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2017-09-01 12:37:07 -07:00
Yichun Zhang (agentzh) 1f2121b546 removed patches for the nginx 1.13.2 core. 2017-09-01 12:37:07 -07:00
Yichun Zhang (agentzh) 6237430ef4 upgraded nginx core to 1.13.3. 2017-09-01 12:37:07 -07:00
Yichun Zhang (agentzh) 967d1261cd added more fixes. 2017-09-01 12:37:07 -07:00
Yichun Zhang (agentzh) 1426d3283d fixed the dtrace patch for nginx. 2017-09-01 12:37:07 -07:00
Yichun Zhang (agentzh) 45a8fb27e4 fixed the upstream_timeout_fields patch for nginx. 2017-09-01 12:37:07 -07:00
Yichun Zhang (agentzh) 3c114dbe46 fixed the log_escape_non_ascii patch for the nginx core. 2017-09-01 12:37:07 -07:00
Yichun Zhang (agentzh) 20e70449f8 fixed the nginx server_header patch. 2017-09-01 12:37:07 -07:00
Yichun Zhang (agentzh) 6614441908 upgraded the nginx core to 1.13.2 (some patches fail to apply though). 2017-09-01 12:37:07 -07:00
spacewander adcff66454 feature: applied a patch to the nginx core to make the nginx variable $proxy_add_x_forwarded_for accessible on Lua land.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2017-07-16 10:51:28 -07:00
Yichun Zhang (agentzh) 19c6e1fb5c bugfix: applied nginx's official security fix for an issue in the range filter (CVE-2017-7529). 2017-07-11 10:31:25 -07:00
Datong Sun 3b74625ad3 feature: added the balancer_status_code patch to the nginx core to allow returning arbitrary HTTP status codes inside upstream balancers.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2017-06-28 10:48:48 -07:00
Yichun Zhang (agentzh) add30287e1 change: applied a patch to the nginx core to turn nginx to openresty in the builtin special response pages' footer.
Thanks Datong Sun for the patch.
2017-06-23 14:33:08 -07:00
Datong Sun 6e74463f66 optimize: privileged agent: reduced the number of ngx_connection_t allocated inside the privileged worker to avoid excessive memory consumption when worker_connections is set very high.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2017-06-17 15:05:57 -07:00
Datong Sun 4950ec7f62 feature: applied the delayed-posted-events patch to the nginx core for adding "delayed posted events" which run in the next event cycle with 0 delay.
this nginx core feature is needed by the ngx.sleep(0) feature in
ngx_lua, for example.

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2017-05-14 22:29:31 -07:00
Yichun Zhang (agentzh) ec8acae28e bugfix: applied the single_process_graceful_exit patch to the nginx core to fix the issue that nginx fails to perform graceful exit when master_process is turned off. 2017-05-14 10:43:57 -07:00
Yuansheng 7a7576319e feature: applied the intercept_error_log patch to the nginx core to provide 3rd-party modules a hook to intercept nginx error log data without touching files.
3rd-party modules can register a custom interception hook to ngx_http_core_main_conf_t.intercept_log_handler.

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2017-05-12 13:25:36 -07:00
Yuansheng 79dc3c56aa feature: applied a small patch to the nginx core to add support for the "privileged agent" process which is run by the same system account as the master.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2017-05-05 18:12:47 -07:00
Thibault Charbonnier b490cfeea4 feature: applied the safe_resolver_ipv6_option patch to the nginx core to avoid the 'ipv6=off' option to be parsed by nginx when it is not built with IPv6 support.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
2016-12-26 22:14:59 -08:00
Yichun Zhang (agentzh) 381697b884 added the nginx core patch ssl_pending_session for nginx 1.9.15 as well. 2016-07-19 21:57:22 -07:00
Yichun Zhang (agentzh) 97901f3357 feature: applied the ssl_pending_session.patch to the nginx core to support the ssl_session_fetch_by_lua* and ssl_session_store_by_lua* in ngx_lua.
also added an openssl patch to support yieldable callback set by
SSL_CTX_sess_set_get_cb().
2016-07-19 19:26:29 -07:00
Yichun Zhang (agentzh) 09ca92f51f upgraded the nginx core to 1.11.2. 2016-07-17 19:45:33 -07:00
Yichun Zhang (agentzh) 99f0618218 nginx-1.9.15-upstream_timeout_fields.patch: renamed HAVE_UPSTREAM_TIMEOUT_FIELDS to HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS. 2016-07-09 11:21:23 -07:00
Yichun Zhang (agentzh) 7c274e056e feature: added the upstream_timeout_fields patch to the nginx core to allow per-request connect/send/read timeout settings for individual upstream requests and retries. 2016-07-01 12:17:53 -07:00
Yichun Zhang (agentzh) c47aef193f bugfix: applied the patch for nginx security advisory (CVE-2016-4450) to the nginx 1.9.15 core. 2016-05-31 15:45:49 -07:00
Yichun Zhang (agentzh) d6a8907fc0 resolved conflicts while merging the branch 1.9.7.x into master. 2016-05-31 15:43:07 -07:00
Yichun Zhang (agentzh) bf47ba9529 bugfix: applied the patch for nginx security advisory (CVE-2016-4450).
also bumped version to 1.9.7.5.
2016-05-31 13:19:28 -07:00
Yichun Zhang (agentzh) 741ff983e8 updated the dtrace patch for 1.9.15. 2016-05-02 15:54:55 -07:00
Yichun Zhang (agentzh) a9cada5c27 updated dtrace patch. 2016-05-02 15:51:57 -07:00
Yichun Zhang (agentzh) 1b197fb27a upgraded ngx_devel_kit to 0.3.0rc1; also fixed the no-pool patch for nginx 1.9.15. 2016-04-21 16:56:26 -07:00
Yichun Zhang (agentzh) 86be514b1c upgraded the nginx core to 1.9.15. 2016-04-21 16:16:58 -07:00
Yichun Zhang (agentzh) 5f7f678876 upgraded the NGINX core to 1.9.11 and ngx_lua to 0.10.1rc0. 2016-02-10 18:21:04 -08:00
Yichun Zhang (agentzh) 8c6b0f77af bugfix: applied nginx-1.9.7-resolver_security_fixes.patch by default. 2016-01-28 09:28:18 -08:00
Yichun Zhang (agentzh) 220b940e66 bugfix: the ./configure options --with-dtrace-probes and --with-stream did not work together. 2016-01-07 12:34:39 -08:00
Yichun Zhang (agentzh) c0c2f883e9 feature: applied the ssl_cert_cb_yield patch to the NGINX core to allow yielding in OpenSSL's SSL_CTX_set_cert_cb() callbacks (needed by ngx_lua's ssl_certificate_by_lua*, for example). 2016-01-03 10:21:03 -08:00
Yichun Zhang (agentzh) 83eeb14f6c upgraded the nginx core to 1.9.7. 2015-11-24 22:37:40 +08:00
Yichun Zhang (agentzh) 1f4045ef2c More MSYS/MinGW love.
* upgraded ngx_lua to 0.9.18rc1 to support Win32 LuaJIT DLL.
* upgraded lua-redis-parser to 0.11rc1 for better Win32 support.
* upgraded lua-rds-parser to 0.06rc2 for better Win32 support.
* upgraded ngx_rds_csv to 0.07rc1  for better Win32 support.
* upgraded lua-resty-cli to 0.04rc1 for better Win32 support.
* upgraded lua-resty-core to 0.1.2.
* applied a patch to LuaJIT to add "!/lualib/" to the default Lua
  package search paths.
* upgraded lua-cjson to 2.1.0.3rc2 for better Win32 support and
  a suppressed gcc warning.
* use OpenResty's nginx tarballs extracted directly from the official nginx
  code repos, because we need the win32 support which is excluded in the
  official nginx release tarballs. Our nginx release tarballs are
  generated by the util/package-nginx.sh script.
* added the util/package-win32.sh script to generate the Win32 OpenResty
  binary distribution file.
* applied a patch to always enable C compiler feature tests in nginx's
  own build system because the MinGW gcc compiler on Win32 is also
  powerful enough to support advanced features like variadic macros.
* added document README-win32.
* util/dist-check: do a partial uninstallation before installing
  anything new.
* added util/build-win32.sh to build OpenResty on Win32 using the
  MinGW/MSYS toolchain.
* ./configure: added support for building on Win32 using the MinGW/MSYS
  toolchain.
2015-11-02 15:41:50 +08:00
Yichun Zhang (agentzh) f84e035e45 upgraded the nginx core to 1.9.3. 2015-07-16 11:45:34 +08:00
Yichun Zhang (agentzh) 4907d14700 fixed a compilation error when both the dtrace static probes and --with-threads are specified. 2015-07-08 20:53:55 +08:00
Yichun Zhang (agentzh) ce65738299 upgraded the nginx core to 1.9.2. 2015-07-03 20:04:13 +08:00
Yichun Zhang (agentzh) 99ca550104 use Maxim Dounin's version of the upstream_filter_finalize patch. 2015-02-15 14:10:11 -08:00
Yichun Zhang (agentzh) 6be51e769a bugfix: applied the upstream_filter_finalize patch to the nginx core to fix corrupted $upstream_response_time values when filter_finalize and error_page are both used. thanks Daniel Bento for the report. 2015-02-12 17:20:22 -08:00
Yichun Zhang (agentzh) 6142b6936f upgraded the nginx core to 1.7.10. 2015-02-11 14:49:26 -08:00
Yichun Zhang (agentzh) 6b052c8fca bugfix: ngx_http_redis failed to compile when the ngx_gzip module was disabled. thanks anod221 for the report in #79. 2015-01-29 14:53:48 -08:00
Yichun Zhang (agentzh) fab852190b fixed the context line numbers in ngx_http_redis-0.3.7-variables_in_redis_pass.patch. 2015-01-29 12:49:20 -08:00
Yichun Zhang (agentzh) 5cb6e4f591 Revert "bugfix: applied the patch to fix a new regression in nginx 1.7.7's ngx_gzip and ngx_gunzip modules that could lead to request hang when the downstream is slow to write to."
This reverts commit b6d3a5cf7b.
2014-11-15 11:49:06 -08:00
Yichun Zhang (agentzh) b6d3a5cf7b bugfix: applied the patch to fix a new regression in nginx 1.7.7's ngx_gzip and ngx_gunzip modules that could lead to request hang when the downstream is slow to write to. 2014-10-31 18:18:38 -07:00
Yichun Zhang (agentzh) 46a5fd3bba upgraded the nginx core to 1.7.7. 2014-10-29 21:27:14 -07:00
Yichun Zhang (agentzh) 445ca90f06 bugfix: applied a patch to the nginx core to fix the memory invalid reads when exceeding the pre-configured limits in an ngx_hash_t hash table. also upgraded ngx_lua to 0.9.13rc1. 2014-10-06 23:45:48 -07:00
Yichun Zhang (agentzh) dde4c94fd0 bugfix: applied a patch to the nginx core to fix a memory invalid read regression introduced in nginx 1.7.5+'s resolver. 2014-09-30 16:05:19 -07:00
Yichun Zhang (agentzh) 8dae181c24 upgraded the nginx core to 1.7.5. 2014-09-20 16:16:31 -07:00
Yichun Zhang (agentzh) e225c37731 upgraded the nginx core to 1.7.4. 2014-08-07 19:18:57 -07:00
Yichun Zhang (agentzh) cd89141e48 updated the proxy_ssl_handshake_timer patch to the upstream version as per Jared Feng's request. 2014-07-28 13:08:39 -07:00
Yichun Zhang (agentzh) 43ae08a6c4 bugfix: applied a patch to fix a bug in the standard ngx_geoip module where its nginx variables like $geoip_latitude might randomly take empty values when they should take perfect values. see http://mailman.nginx.org/pipermail/nginx-devel/2014-July/005642.html 2014-07-25 15:03:42 -07:00
Yichun Zhang (agentzh) f26ae39115 bugfix: applied a patch to the nginx core to ensure the ssl handshake procedure in ngx_proxy is always protected by a timer for timeout errors. see http://mailman.nginx.org/pipermail/nginx-devel/2014-July/005627.html 2014-07-22 17:10:22 -07:00
Yichun Zhang (agentzh) cc4a307f0e upgraded the nginx core to 1.7.3. 2014-07-13 20:35:52 -07:00
Yichun Zhang (agentzh) b824a3cb59 upgraded the nginx core to 1.7.2. 2014-06-17 16:57:10 -07:00
Yichun Zhang (agentzh) 39407386ea removed the cve-2013-2070 patch which is useless for nginx 1.7.0. 2014-05-22 13:32:19 -07:00
Yichun Zhang (agentzh) e37973502e bugfix: updated the dtrace patch because systemtap 2.5 no longer accepts the -xnolib option in its dtrace utility. 2014-05-18 15:46:20 -07:00
Yichun Zhang (agentzh) 52e622a26c bugfix: our "prev_slab" field of ngx_slab_page_t could get out of sync in the slab_defrag patch for nginx. thanks Shuxin Yang for the catch. 2014-05-09 15:15:44 -07:00
Yichun Zhang (agentzh) 20e69718ce fixed a bug in slab_defrag.patch for the nginx core that we may incorrectly access the padding area between the end of pool->pages and pool->start. thanks Shuxin Yang for the catch. 2014-05-07 13:11:06 -07:00
Yichun Zhang (agentzh) 05334f1b5b updated the slab_defrag patch (for nginx) with better comments. thanks Shuxin for the suggestions. 2014-05-06 16:25:56 -07:00
Yichun Zhang (agentzh) 91549c16b4 updated the slab_defrag patch (for nginx) a bit. 2014-05-06 14:24:24 -07:00
Yichun Zhang (agentzh) 1dbd0b24d2 apply the slab_defrag patch to the nginx core by default. 2014-05-06 13:16:59 -07:00
Yichun Zhang (agentzh) 9c3a123035 upgraded nginx core to 1.7.0. 2014-05-03 12:59:19 -07:00
Yichun Zhang (agentzh) b0f1e786c1 upgraded the nginx core to 1.5.12. 2014-04-03 17:36:53 -07:00
Yichun Zhang (agentzh) 37ba2b1015 backported the patch to the nginx core for the latest SPDY security vulnerability (CVE-2014-0133). 2014-03-19 17:38:31 -07:00
Yichun Zhang (agentzh) d21cc33749 nginx: disabled the -Werror option for clang too. thanks Hamish Forbes for the report. 2014-03-13 20:58:54 -07:00
Yichun Zhang (agentzh) e36d505d80 upgraded the patches for nginx 1.5.11. 2014-03-08 15:02:35 -08:00
Yichun Zhang (agentzh) 227e4e0da2 upgraded nginx core to 1.5.9. 2014-01-27 22:11:50 -08:00
Yichun Zhang (agentzh) 676150c81b bugfix: setting $args might not make ngx_proxy (and others) honour the change. applied the setting_args_invalidates_uri patch to fix this issue. thanks rvsw for the report. 2014-01-23 12:06:48 -08:00
Yichun Zhang (agentzh) c9d9e4a8dd updated the resolve-names-with-a-trailing-dot patch according to the feedback from Piotr Sikora and Ruslan Ermilov. 2014-01-10 12:06:37 -08:00
Yichun Zhang (agentzh) 9a3e9dbffd bugfix: nginx's builtin resolver did not accept domain names with a trailing dot. 2014-01-08 11:50:58 -08:00
Yichun Zhang (agentzh) 1eb135cc6a upraded the nginx core to 1.5.8. 2013-12-18 13:44:42 -08:00
Yichun Zhang (agentzh) 4bab759ea3 optimize: shortened the server string "ngx_openresty" to "openresty". 2013-12-15 16:28:50 -08:00
Yichun Zhang (agentzh) 8cec47f755 upgraded the nginx core to 1.5.7. 2013-12-15 13:21:56 -08:00
Yichun Zhang (agentzh) 0528788543 feature: added new configure option --with-pcre-conf-opt=OPTIONS to the nginx core to allow custom PCRE ./configure build options. thanks Lance Li for the original patch in #39. 2013-12-10 10:19:00 -08:00
Yichun Zhang (agentzh) 2fb9ed5c1d updated the larger_max_error_str patch to allow NGX_MAX_ERROR_STR to be redefined from the outside. 2013-12-05 20:36:53 -08:00
Yichun Zhang (agentzh) 1728ca8c66 feature: applied the larger_max_error_str patch to the nginx core to allow error log messages up to 4096 bytes. 2013-12-05 20:33:30 -08:00
Yichun Zhang (agentzh) 633abb71bf upgraded the patch "variables_in_redis_pass" to ngx_http_redis 0.3.7. 2013-12-03 12:06:31 -08:00
Yichun Zhang (agentzh) 8b86c72ea2 applied the official patch patch.2013.space.txt for the Nginx core to fix the security issue CVE-2013-4547. 2013-11-20 21:05:36 -08:00
Yichun Zhang (agentzh) b694456ef3 bugfix: applied the cache_manager_exit patch to the nginx core to fix an issue when the cache manager process is shutting down. 2013-11-04 13:08:57 -08:00
Yichun Zhang (agentzh) 68d1241d12 updated the gzip_flush_bug patch to fix the issue in the ngx_gunzip module. thanks Maxim Dounin for the catch. 2013-10-28 15:30:52 -07:00
Yichun Zhang (agentzh) f35f66a487 feature: added patch nginx-1.4.3-proxy_host_port_vars to make $proxy_host and $proxy_port accessible for dynamic languages like Lua and Perl. 2013-10-27 15:37:11 -07:00
Yichun Zhang (agentzh) aac5d5e49e updated nginx-1.4.3-gzip_flush_bug.patch according to Maxim Dounin's feedback. 2013-10-27 15:00:06 -07:00
Yichun Zhang (agentzh) 8bc4bf391a updated the gzip_flush_bug patch according to the feedback from Maxim Dounin. 2013-10-26 17:24:51 -07:00
Yichun Zhang (agentzh) 1df484be52 bugfix: applied the cache_lock_hang_in_subreq patch to the nginx core to fix the request hang when using proxy_cache_lock in subrequests and the cache lock timeout happens. 2013-10-26 14:54:50 -07:00
Yichun Zhang (agentzh) 4308a5ca45 bugfix: applied the gzip_flush_bug.patch to the nginx core. see also http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004429.html 2013-10-25 17:31:39 -07:00
Yichun Zhang (agentzh) 274b1b6778 bugfix: backported Maxim Dounin's patch to fix an issue in the ngx_gzip module: it did not clear r->connection->buffered when the pending data was already flushed out. this could hang ngx_lua's ngx.flush(true) call, for example. 2013-10-19 20:49:06 -07:00
Yichun Zhang (agentzh) 35e053cb6c upgraded the nginx core to 1.4.3. 2013-10-17 16:15:42 -07:00