186526/openresty
1
0
Fork 0
mirror of https://github.com/openresty/openresty.git synced 2024-10-13 00:29:41 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: 186526:nginx-1.13.8
Branches Tags
186526:master 186526:1.19.9.x 186526:1.21.4.x 186526:1.25.3.x 186526:cve 186526:ngx-http-redis 186526:v24.2 186526:bump-1.21.4.2 186526:rel 186526:close_fd 186526:1.19.3.x 186526:1.17.8.x 186526:1.15.8.x 186526:nginx-1.13.8
186526:v1.27.1.1 186526:v1.19.9.2 186526:v1.21.4.4 186526:v1.25.3.2 186526:v1.25.3.1 186526:v1.21.4.3 186526:v1.21.4.2 186526:v1.21.4.2rc1 186526:v1.21.4.1 186526:v1.21.4.1rc3 186526:v1.21.4.1rc2 186526:v1.21.4.1rc1 186526:v1.19.9.1 186526:v1.19.9.1rc1 186526:v1.19.3.2 186526:v1.19.3.1 186526:v1.19.3.1rc1 186526:v1.19.3.1rc0 186526:v1.17.8.2 186526:v1.17.8.1 186526:v1.15.8.3 186526:v1.17.8.1rc1 186526:v1.15.8.2 186526:v1.15.8.1 186526:v1.15.8.1rc2 186526:v1.15.8.1rc1 186526:v1.13.6.2 186526:v1.13.6.1 186526:v1.11.2.5 186526:v1.11.2.4 186526:v1.11.2.3 186526:v1.11.2.2 186526:v1.11.2.1 186526:v1.9.15.1 186526:v1.9.7.5 186526:v1.9.7.4 186526:v1.9.7.3 186526:v1.9.7.2 186526:v1.9.7.1 186526:v1.9.3.2 186526:v1.9.3.1 186526:v1.9.3.1rc1 186526:v1.7.10.2 186526:v1.7.10.1 186526:v1.7.7.2 186526:v1.7.7.1 186526:v1.7.4.1 186526:v1.7.2.1 186526:v1.7.0.1 186526:v1.5.12.1 186526:v1.5.11.1 186526:v1.5.8.1 186526:v1.4.3.9 186526:v1.4.3.7 186526:v1.4.3.6 186526:v1.4.3.4 186526:v1.4.3.3 186526:v1.4.3.1 186526:v1.4.2.9 186526:v1.4.2.8 186526:v1.4.2.7 186526:v1.4.2.5 186526:v1.4.2.3 186526:v1.4.2.1 186526:v1.4.1.3 186526:v1.4.1.1 186526:v1.2.8.6 186526:v1.2.8.5 186526:v1.2.8.3 186526:v1.2.7.8 186526:v1.2.8.1 186526:v1.2.7.6 186526:v1.2.7.5 186526:v1.2.7.3 186526:v1.2.7.1 186526:v1.2.6.6 186526:v1.2.6.5 186526:v1.2.6.3 186526:v1.2.6.1 186526:v1.2.4.14 186526:v1.2.4.13 186526:v1.2.4.11 186526:v1.2.4.9 186526:v1.2.4.7 186526:v1.2.4.5 186526:v1.2.4.3 186526:v1.2.4.1 186526:v1.2.3.8 186526:v1.2.3.7 186526:v1.2.3.5 186526:v1.2.3.3 186526:v1.2.3.1 186526:v1.2.1.14 186526:v1.2.1.13 186526:v1.2.1.11 186526:v1.2.1.9 186526:v1.2.1.7 186526:v1.2.1.5 186526:v1.2.1.3 186526:v1.2.1.1 186526:v1.0.15.11 186526:v1.0.15.10 186526:v1.0.15.9 186526:v1.0.15.7 186526:v1.0.15.5 186526:v1.0.15.3 186526:v1.0.15.1 186526:v1.0.11.28 186526:v1.0.11.27 186526:v1.0.11.25 186526:v1.0.11.23 186526:v1.0.11.21 186526:v1.0.11.19 186526:v1.0.11.17 186526:v1.0.11.15 186526:v1.0.11.11 186526:v1.0.11.9 186526:v1.0.11.7 186526:v1.0.11.3 186526:v1.0.10.48 186526:v1.0.10.47 186526:v1.1.13.1 186526:v1.1.12.5 186526:v1.1.12.4 186526:v1.0.10.45 186526:v1.0.10.44 186526:v1.0.10.43 186526:v1.1.12.3 186526:v1.0.10.41 186526:v1.0.10.35 186526:v1.0.10.33 186526:v1.0.10.31 186526:v1.0.10.29 186526:v1.0.10.27 186526:v1.0.10.25 186526:v1.0.10.24 186526:v1.0.10.23 186526:v1.0.10.21 186526:v1.0.10.19 186526:v1.0.10.17 186526:v1.0.10.15 186526:v1.0.10.13 186526:v1.0.10.11 186526:v1.0.10.9 186526:v1.0.10.7 186526:v1.0.10.5 186526:v1.0.10.3 186526:v1.0.10.1 186526:v1.0.9.10 186526:v1.0.9.9 186526:v1.0.9.7 186526:v1.0.9.5 186526:v1.0.9.3 186526:v1.0.9.1 186526:v1.0.8.26 186526:v1.0.8.21 186526:v1.0.8.19 186526:v1.0.8.17 186526:v1.0.8.15 186526:v1.0.8.13 186526:v1.0.8.11 186526:v1.0.8.9 186526:v1.0.8.7 186526:v1.0.8.5 186526:v1.0.8.3 186526:v1.0.8.1 186526:v1.0.6.22 186526:v1.0.6.5 186526:v1.0.6.3 186526:v1.0.5.1 186526:v1.0.5.0 186526:v1.0.4.2 186526:v1.0.4.1 186526:v1.0.4.0 186526:v0.8.54.9 186526:v0.8.54.8 186526:v0.8.54.6 186526:v0.8.54.5 186526:v0.8.54.4 186526:v0.8.54.3
..
compare: 186526:v1.13.6.2
Branches Tags
186526:master 186526:1.19.9.x 186526:1.21.4.x 186526:1.25.3.x 186526:cve 186526:ngx-http-redis 186526:v24.2 186526:bump-1.21.4.2 186526:rel 186526:close_fd 186526:1.19.3.x 186526:1.17.8.x 186526:1.15.8.x 186526:nginx-1.13.8
186526:v1.27.1.1 186526:v1.19.9.2 186526:v1.21.4.4 186526:v1.25.3.2 186526:v1.25.3.1 186526:v1.21.4.3 186526:v1.21.4.2 186526:v1.21.4.2rc1 186526:v1.21.4.1 186526:v1.21.4.1rc3 186526:v1.21.4.1rc2 186526:v1.21.4.1rc1 186526:v1.19.9.1 186526:v1.19.9.1rc1 186526:v1.19.3.2 186526:v1.19.3.1 186526:v1.19.3.1rc1 186526:v1.19.3.1rc0 186526:v1.17.8.2 186526:v1.17.8.1 186526:v1.15.8.3 186526:v1.17.8.1rc1 186526:v1.15.8.2 186526:v1.15.8.1 186526:v1.15.8.1rc2 186526:v1.15.8.1rc1 186526:v1.13.6.2 186526:v1.13.6.1 186526:v1.11.2.5 186526:v1.11.2.4 186526:v1.11.2.3 186526:v1.11.2.2 186526:v1.11.2.1 186526:v1.9.15.1 186526:v1.9.7.5 186526:v1.9.7.4 186526:v1.9.7.3 186526:v1.9.7.2 186526:v1.9.7.1 186526:v1.9.3.2 186526:v1.9.3.1 186526:v1.9.3.1rc1 186526:v1.7.10.2 186526:v1.7.10.1 186526:v1.7.7.2 186526:v1.7.7.1 186526:v1.7.4.1 186526:v1.7.2.1 186526:v1.7.0.1 186526:v1.5.12.1 186526:v1.5.11.1 186526:v1.5.8.1 186526:v1.4.3.9 186526:v1.4.3.7 186526:v1.4.3.6 186526:v1.4.3.4 186526:v1.4.3.3 186526:v1.4.3.1 186526:v1.4.2.9 186526:v1.4.2.8 186526:v1.4.2.7 186526:v1.4.2.5 186526:v1.4.2.3 186526:v1.4.2.1 186526:v1.4.1.3 186526:v1.4.1.1 186526:v1.2.8.6 186526:v1.2.8.5 186526:v1.2.8.3 186526:v1.2.7.8 186526:v1.2.8.1 186526:v1.2.7.6 186526:v1.2.7.5 186526:v1.2.7.3 186526:v1.2.7.1 186526:v1.2.6.6 186526:v1.2.6.5 186526:v1.2.6.3 186526:v1.2.6.1 186526:v1.2.4.14 186526:v1.2.4.13 186526:v1.2.4.11 186526:v1.2.4.9 186526:v1.2.4.7 186526:v1.2.4.5 186526:v1.2.4.3 186526:v1.2.4.1 186526:v1.2.3.8 186526:v1.2.3.7 186526:v1.2.3.5 186526:v1.2.3.3 186526:v1.2.3.1 186526:v1.2.1.14 186526:v1.2.1.13 186526:v1.2.1.11 186526:v1.2.1.9 186526:v1.2.1.7 186526:v1.2.1.5 186526:v1.2.1.3 186526:v1.2.1.1 186526:v1.0.15.11 186526:v1.0.15.10 186526:v1.0.15.9 186526:v1.0.15.7 186526:v1.0.15.5 186526:v1.0.15.3 186526:v1.0.15.1 186526:v1.0.11.28 186526:v1.0.11.27 186526:v1.0.11.25 186526:v1.0.11.23 186526:v1.0.11.21 186526:v1.0.11.19 186526:v1.0.11.17 186526:v1.0.11.15 186526:v1.0.11.11 186526:v1.0.11.9 186526:v1.0.11.7 186526:v1.0.11.3 186526:v1.0.10.48 186526:v1.0.10.47 186526:v1.1.13.1 186526:v1.1.12.5 186526:v1.1.12.4 186526:v1.0.10.45 186526:v1.0.10.44 186526:v1.0.10.43 186526:v1.1.12.3 186526:v1.0.10.41 186526:v1.0.10.35 186526:v1.0.10.33 186526:v1.0.10.31 186526:v1.0.10.29 186526:v1.0.10.27 186526:v1.0.10.25 186526:v1.0.10.24 186526:v1.0.10.23 186526:v1.0.10.21 186526:v1.0.10.19 186526:v1.0.10.17 186526:v1.0.10.15 186526:v1.0.10.13 186526:v1.0.10.11 186526:v1.0.10.9 186526:v1.0.10.7 186526:v1.0.10.5 186526:v1.0.10.3 186526:v1.0.10.1 186526:v1.0.9.10 186526:v1.0.9.9 186526:v1.0.9.7 186526:v1.0.9.5 186526:v1.0.9.3 186526:v1.0.9.1 186526:v1.0.8.26 186526:v1.0.8.21 186526:v1.0.8.19 186526:v1.0.8.17 186526:v1.0.8.15 186526:v1.0.8.13 186526:v1.0.8.11 186526:v1.0.8.9 186526:v1.0.8.7 186526:v1.0.8.5 186526:v1.0.8.3 186526:v1.0.8.1 186526:v1.0.6.22 186526:v1.0.6.5 186526:v1.0.6.3 186526:v1.0.5.1 186526:v1.0.5.0 186526:v1.0.4.2 186526:v1.0.4.1 186526:v1.0.4.0 186526:v0.8.54.9 186526:v0.8.54.8 186526:v0.8.54.6 186526:v0.8.54.5 186526:v0.8.54.4 186526:v0.8.54.3

63 Commits
nginx-1.13 ... v1.13.6.2

Author SHA1 Message Date
Yichun Zhang (agentzh)
116b8fe20d restydoc: updated the bundled version of the LuaJIT docs to the latest. 2018-05-14 13:23:52 -07:00
Yichun Zhang (agentzh)
4f0980829a bumped version to 1.13.6.2. 2018-05-14 13:16:59 -07:00
Yichun Zhang (agentzh)
eccf26672c tests: updated sanity.t with util/fix-tests to reflect recent component version changes. 2018-04-24 16:40:27 -07:00
Yichun Zhang (agentzh)
a03c89076c upgraded ngx_lua to 0.10.13, ngx_stream_lua to 0.0.5, and lua-resty-core to 0.1.15. 2018-04-22 11:50:47 -07:00
Yichun Zhang (agentzh)
30cc6a2201 build-win32: use JOBS=12 by default since Windows's IO is slow... 2018-04-22 11:38:17 -07:00
Yichun Zhang (agentzh)
8a18db029a added a placeholder README-win32.md file. 2018-04-22 11:32:21 -07:00
Yichun Zhang (agentzh)
25faa6d002 win32: enabled ngx_stream_ssl_preread_module in our binary builds. 2018-04-21 20:37:31 -07:00
Yichun Zhang (agentzh)
c41a76e485 fixed the win32 building scripts. 2018-04-21 19:03:57 -07:00
Yichun Zhang (agentzh)
f3406b5ab3 upgraded LuaJIT to 2.1-20180420, ngx_lua to 0.10.13rc1, ngx_stream_lua to 0.0.5rc1, and lua-resty-core to 0.1.15rc1. 2018-04-21 19:01:51 -07:00
Yichun Zhang (agentzh)
51c4a3848d feature: added 64-bit windows building/packaging support using the MSYS2/MinGW toolchain. 2018-04-21 19:00:45 -07:00
Datong Sun
f0e621b0c4 bugfix: nginx patch: do not build resolver parsing feature under Windows. 
bugfix: nginx patch: moved the include of resolv.h to after ngx_config.h to avoid compilation failures on FreeBSD.

bugfix: patch: updated safe_resolver_ipv6_option.patch with new offsets to avoid confusing patch while applying.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-04-20 17:55:54 -07:00
Yichun Zhang (agentzh)
d6c07852e6 Revert "win32: we should use the right openssl patch." 
We now downgrade openssl for the win32 build to 1.0.2o.

This reverts commit 8b98c7df0f.
 2018-04-19 20:11:41 -07:00
Yichun Zhang (agentzh)
8b98c7df0f win32: we should use the right openssl patch. 2018-04-19 19:37:58 -07:00
Yichun Zhang (agentzh)
57166863d3 updated tests to reflect recent changes. 2018-04-19 19:02:31 -07:00
Yichun Zhang (agentzh)
15aec7f8f9 win32: upgraded pcre to 8.42 and openssl to 1.1.0h. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-04-19 17:17:17 -07:00
Yichun Zhang (agentzh)
17d6683267 bumped version to 1.13.6.2rc1. 2018-04-19 16:35:57 -07:00
Yichun Zhang (agentzh)
4e202252f4 tests: dist-check: added support for OPENSSL_PREFIX for using a different openssl installation. 2018-04-19 15:04:24 -07:00
Yichun Zhang (agentzh)
5d0235ea71 upgraded ngx_xss to 0.06. 2018-04-19 14:03:30 -07:00
Yichun Zhang (agentzh)
7bf9833472 upgraded ngx_redis2 to 0.15. 2018-04-19 14:02:03 -07:00
Yichun Zhang (agentzh)
27d90f13cf upgraded lua-resty-string to 0.11. 2018-04-19 13:59:52 -07:00
Yichun Zhang (agentzh)
2f74b9703a upgraded ngx_rds_csv to 0.09. 2018-04-19 13:58:04 -07:00
Yichun Zhang (agentzh)
abad894952 upgraded ngx_drizzle to 0.1.11. 2018-04-19 13:55:52 -07:00
Yichun Zhang (agentzh)
506b0b8926 upgraded ngx_memc to 0.19 2018-04-19 13:48:03 -07:00
Yichun Zhang (agentzh)
c89133ec7e upgraded ngx_encrypted_session to 0.08. 2018-04-19 13:30:38 -07:00
Yichun Zhang (agentzh)
372befff8d upgraded ngx_set_misc to 0.32. 2018-04-19 13:28:48 -07:00
Yichun Zhang (agentzh)
ea1630562c upgraded lua-resty-dns to 0.21. 2018-04-19 13:20:33 -07:00
Yichun Zhang (agentzh)
7f78188bcb upgraded resty-cli to 0.21. 2018-04-19 13:17:42 -07:00
Yichun Zhang (agentzh)
38b45d7a59 upgraded LuaJIT to 2.1-20180419. 2018-04-19 13:11:42 -07:00
Yichun Zhang (agentzh)
be40a6f25c upgraded lua-resty-lrucache to 0.08. 2018-04-19 12:37:54 -07:00
Yichun Zhang (agentzh)
3b7ec8ed33 upgraded ngx_lua to 0.10.12. 2018-04-19 12:34:24 -07:00
Yichun Zhang (agentzh)
35588fa607 upgraded ngx_stream_lua to 0.0.4. 2018-04-19 12:30:09 -07:00
Yichun Zhang (agentzh)
994a743f9e upgraded opm to 0.0.5. 2018-04-19 12:28:36 -07:00
Yichun Zhang (agentzh)
a737e8a839 upgraded lua-resty-core to 0.1.14. 2018-04-19 12:22:06 -07:00
Yichun Zhang (agentzh)
412ac81f38 upgraded lua-cjson to 2.1.0.6. 2018-04-19 12:20:15 -07:00
Datong Sun
ff89bf3ea1 resolv.conf: fixed a bug that when a newline character is present at the end of the resolv.conf file, the parser incorrectly included such newline in the parsed address. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-03-30 12:21:19 -07:00
Yichun Zhang (agentzh)
395e039e8e doc: fixed the resolv.conf file name, reported by Thibault Charbonnier. 2018-03-27 14:33:41 -07:00
spacewander
a4f399b3ac feature: added the socket_cloexec patch to ensure most of the nginx connections could be closed before child process terminates. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-03-27 13:46:01 -07:00
Datong Sun
8d3ce00348 README: added documentations for the newly added resolver.conf parsing feature. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-03-27 13:22:53 -07:00
Yichun Zhang (agentzh)
4a85469797 ./configure: fixed source lines exceeding 80 cols (heredoc literals are skipped). 2018-03-18 12:42:07 -07:00
Yichun Zhang (agentzh)
46a1c7adb3 feature: now the openresty build system (./configure) automatically patches the resty command-line utility to use its own nginx binary so that it does not have to compute it at runtime (which is a bit expensive). 
this saves about 10ms (from for total 20ms to 10ms) for resty's startup time, as
measured on a mid-2015 MBP. That's 50% reduction in total startup time!

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-03-18 12:32:02 -07:00
Yichun Zhang (agentzh)
f1ad126b75 updated tests to reflect recent changes. 2018-03-18 12:07:00 -07:00
Yichun Zhang (agentzh)
7732e38e4c upgraded resty-cli to 0.21rc2. 2018-03-18 11:56:39 -07:00
Datong Sun
3d8b33f0e8 feature: added a patch for the nginx core to add the "local=/path/to/resolv.conf" option to the standard "resolver" config directive. 
This can enable the use of system-level nameserver configurations of
/etc/resolv.conf, for example, in nginx's own nonblocking DNS resolver.

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-03-16 16:19:19 -07:00
Yichun Zhang (agentzh)
d11dee9ca8 upgraded opm to 0.0.5rc1. 2018-03-08 00:00:18 -08:00
Yichun Zhang (agentzh)
7a8fb4bc81 upgraded resty-cli to 0.21rc1. 2018-03-07 23:56:51 -08:00
Yichun Zhang (agentzh)
d9d28a5f8b upgraded lua-resty-lrucache to 0.08rc1. 2018-03-07 23:55:36 -08:00
catatsuy
031778f770 bugfix: ./configure: relative paths in --add-dynamic-module=PATH option did not work. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-02-25 14:46:07 -08:00
Yichun Zhang (agentzh)
1555734368 updated tests to reflect recent component updates. 2018-02-11 11:38:26 -08:00
Yichun Zhang (agentzh)
e5b5344238 upgraded lua-resty-string to 0.11rc1. 2018-02-05 22:25:35 -08:00
Francesco Giacomini
0271201881 mirror-tarball: simpl/ngx_devel_kit -> simplresty/ngx_devel_kit. 
fix https://github.com/openresty/openresty/issues/336

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-02-02 15:11:51 -08:00
Yichun Zhang (agentzh)
94db027c12 ./configure: updated the stream subsystem related options from nginx 1.13.6. 
thanks hy05190134 for the report in #334.

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-01-24 11:49:52 -08:00
Yichun Zhang (agentzh)
e5767d96e9 tests: updated to reflect recent changes. 2018-01-24 11:46:34 -08:00
Yichun Zhang (agentzh)
36171ae02b upgraded ngx_stream_lua to 0.0.4rc1. 2018-01-15 15:48:47 -08:00
Yichun Zhang (agentzh)
2267596f54 upgraded ngx_rds_csv to 0.09rc1. 2018-01-15 15:38:10 -08:00
Yichun Zhang (agentzh)
2f826961dd upgraded ngx_xss to 0.06rc1. 2018-01-15 15:29:15 -08:00
Yichun Zhang (agentzh)
028f5e5dec upgraded lua-resty-core to 0.1.14rc1. 2018-01-15 14:42:38 -08:00
Yichun Zhang (agentzh)
2ed7e33a5b upgraded ngx_lua to 0.10.12rc2. 2018-01-15 14:41:27 -08:00
Yichun Zhang (agentzh)
fd0bf98d6f upgraded ngx_set_misc to 0.32rc1, ngx_memc to 0.19rc1, ngx_encrypted_session to 0.08rc1, and ngx_redis2 to 0.15rc1. 2018-01-15 14:37:21 -08:00
Datong Sun
93f785eed6 feature: added patches to the nginx core to make sure ngx_stream_ssl_preread_module will not skip the rest of the preread phase when SNI server name parsing was successful. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-01-14 22:40:09 -08:00
Datong Sun
30fa60ad5d patches: updated 1.13.6 balancer_status_code.patch and added patch for 1.13.8 as well. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-01-09 17:52:04 -08:00
spacewander
ee6b26e347 feature: added the sess_set_get_cb_yield patch for OpenSSL 1.1.0d and beyond. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-01-05 23:38:32 -08:00
spacewander
e777a35db3 feature: shipped openssl-1.1.0c patch with the source release tarball. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-01-05 14:42:03 -08:00
spacewander
a0dc14761a feature: added the sess_set_get_cb_yield patch for OpenSSL 1.1.0c and beyond. 
The patch is based on

https://patch-diff.githubusercontent.com/raw/openssl/openssl/pull/1588.patch,

with some minor modifications.

Thanks Alessandro Ghedini for the ground work.

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 2018-01-05 14:41:47 -08:00
64 changed files with 3186 additions and 4495 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@ -75,3 +75,4 @@ upload-win32
html_out/ html_out/
TODO TODO
doc/LuaJIT-2.1/changes.pod doc/LuaJIT-2.1/changes.pod
t/servroot

31
README.markdown
View File

@ -10,6 +10,8 @@ Table of Contents
* [Description](#description) * [Description](#description)
* [For Users](#for-users) * [For Users](#for-users)
* [For Bundle Maintainers](#for-bundle-maintainers) * [For Bundle Maintainers](#for-bundle-maintainers)
* [Additional Features](#additional-features)
* [resolv.conf parsing](#resolvconf-parsing)
* [Mailing List](#mailing-list) * [Mailing List](#mailing-list)
* [Report Bugs](#report-bugs) * [Report Bugs](#report-bugs)
* [Copyright & License](#copyright--license) * [Copyright & License](#copyright--license)
@ -61,6 +63,35 @@ sudo dnf install perl dos2unix mercurial
[Back to TOC](#table-of-contents) [Back to TOC](#table-of-contents)
Additional Features
===================
In additional to the standard nginx core features, this bundle also supports the following:
[Back to TOC](#table-of-contents)
resolv.conf parsing
--------------------
**syntax:** *resolver address ... [valid=time] [ipv6=on|off] [local=on|off|path]*
**default:** *-*
**context:** *http, stream, server, location*
Similar to the [`resolver` directive](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver)
in standard nginx core with additional support for parsing additional resolvers from the `resolv.conf` file
format.
When `local=on`, the standard path of `/etc/resolv.conf` will be used. You may also specify arbitrary
path to be used for parsing, for example: `local=/tmp/test.conf`.
When `local=off`, parsing will be disabled (this is the default).
This feature is not available on Windows platforms.
[Back to TOC](#table-of-contents)
Mailing List Mailing List
============ ============

2
doc/LuaJIT-2.1/README.pod
View File

@ -196,6 +196,6 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file luajit.html #From file luajit.html
# 8082 bytes of input # 8082 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>

2
doc/LuaJIT-2.1/contact.pod
View File

@ -82,6 +82,6 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file contact.html #From file contact.html
# 2989 bytes of input # 2989 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:15 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>

6
doc/LuaJIT-2.1/ext_c_api.pod
View File

@ -82,8 +82,8 @@ second argument is either C<0> or a stack index (similar to the other
Lua/C API functions). Lua/C API functions).
The third argument specifies the mode, which is 'or'ed with a flag. The The third argument specifies the mode, which is 'or'ed with a flag. The
flag can be C<LUAJIT_MODE_OFF> to turn a feature on, C<LUAJIT_MODE_ON> flag can be C<LUAJIT_MODE_OFF> to turn a feature off, C<LUAJIT_MODE_ON>
to turn a feature off, or C<LUAJIT_MODE_FLUSH> to flush cached code. to turn a feature on, or C<LUAJIT_MODE_FLUSH> to flush cached code.
The following modes are defined: The following modes are defined:
@ -170,7 +170,7 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file ext_c_api.html #From file ext_c_api.html
# 6042 bytes of input # 6042 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:15 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>
# Deleting phrasal "code" element (`tt_18) because it has super-phrasal elements (`br_3) as children. # Deleting phrasal "code" element (`tt_18) because it has super-phrasal elements (`br_3) as children.

2
doc/LuaJIT-2.1/ext_ffi.pod
View File

@ -280,6 +280,6 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file ext_ffi.html #From file ext_ffi.html
# 10336 bytes of input # 10336 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>

2
doc/LuaJIT-2.1/ext_ffi_api.pod
View File

@ -495,7 +495,7 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file ext_ffi_api.html #From file ext_ffi_api.html
# 21471 bytes of input # 21471 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>
# Deleting phrasal "code" element (`tt_157) because it has super-phrasal elements (`br_3, `br_4) as children. # Deleting phrasal "code" element (`tt_157) because it has super-phrasal elements (`br_3, `br_4) as children.

12
doc/LuaJIT-2.1/ext_ffi_semantics.pod
View File

@ -1019,10 +1019,10 @@ not mix this up: e.g. passing C<"int"> as a string doesn't work in
place of a type, you'd need to use C<ffi.typeof("int")> instead. place of a type, you'd need to use C<ffi.typeof("int")> instead.
The main use for parameterized types are libraries implementing The main use for parameterized types are libraries implementing
abstract data types (E<rchevron> example), similar to what can be abstract data types (example), similar to what can be achieved with C++
achieved with C++ template metaprogramming. Another use case are template metaprogramming. Another use case are derived types of
derived types of anonymous structs, which avoids pollution of the anonymous structs, which avoids pollution of the global struct
global struct namespace. namespace.
Please note that parameterized types are a nice tool and indispensable Please note that parameterized types are a nice tool and indispensable
for certain use cases. But you'll want to use them sparingly in regular for certain use cases. But you'll want to use them sparingly in regular
@ -1379,7 +1379,7 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file ext_ffi_semantics.html #From file ext_ffi_semantics.html
# 53769 bytes of input # 53732 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>

2
doc/LuaJIT-2.1/ext_ffi_tutorial.pod
View File

@ -616,7 +616,7 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file ext_ffi_tutorial.html #From file ext_ffi_tutorial.html
# 22557 bytes of input # 22557 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>
# Deleting phrasal "code" element (`tt_100) because it has super-phrasal elements (`br_33, `br_34) as children. # Deleting phrasal "code" element (`tt_100) because it has super-phrasal elements (`br_33, `br_34) as children.

2
doc/LuaJIT-2.1/ext_jit.pod
View File

@ -175,7 +175,7 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file ext_jit.html #From file ext_jit.html
# 5903 bytes of input # 5903 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>
# Deleting phrasal "code" element (`tt_6) because it has super-phrasal elements (`br_2, `br_3) as children. # Deleting phrasal "code" element (`tt_6) because it has super-phrasal elements (`br_2, `br_3) as children.

2
doc/LuaJIT-2.1/ext_profiler.pod
View File

@ -353,6 +353,6 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file ext_profiler.html #From file ext_profiler.html
# 13135 bytes of input # 13135 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>

2
doc/LuaJIT-2.1/extensions.pod
View File

@ -472,6 +472,6 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file extensions.html #From file extensions.html
# 17733 bytes of input # 17733 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>

2
doc/LuaJIT-2.1/faq.pod
View File

@ -219,6 +219,6 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file faq.html #From file faq.html
# 7685 bytes of input # 7685 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>

2
doc/LuaJIT-2.1/install.pod
View File

@ -692,7 +692,7 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file install.html #From file install.html
# 25250 bytes of input # 25250 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>
# Deleting phrasal "a" element (`a_34) because it has super-phrasal elements (`br_16) as children. # Deleting phrasal "a" element (`a_34) because it has super-phrasal elements (`br_16) as children.

2
doc/LuaJIT-2.1/running.pod
View File

@ -416,6 +416,6 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file running.html #From file running.html
# 13720 bytes of input # 13720 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>

2
doc/LuaJIT-2.1/status.pod
View File

@ -108,6 +108,6 @@ Copyright E<copy> 2005-2017 Mike Pall E<middot> Contact
#Pod::HTML2Pod conversion notes: #Pod::HTML2Pod conversion notes:
#From file status.html #From file status.html
# 3931 bytes of input # 3931 bytes of input
#Sat May 13 16:35:32 2017 agentzh #Mon May 14 13:19:16 2018 agentzh
# No a_name switch not specified, so will not try to render <a name='...'> # No a_name switch not specified, so will not try to render <a name='...'>
# No a_href switch not specified, so will not try to render <a href='...'> # No a_href switch not specified, so will not try to render <a href='...'>

216
doc/README-win32.md
View File

@ -1,215 +1 @@
Name See [README-windows](./README-windows.md).
====
README-win32 - README for the Windows 32-bit build of OpenResty
Description
===========
The official binary Win32 distribution of OpenResty can be downloaded from the following web page:
https://openresty.org/en/download.html
To start the NGINX server of the nginx server of the Win32 binary distribution of OpenResty:
```bash
start nginx
```
You can also specify the `-p PATH/` option to override the default server prefix, as in
```bash
cd /path/to/my/openresty/app/
start nginx -p $PWD
```
Then you can use the `tasklist` command to check the nginx processes running in the background:
```console
C:\> tasklist /fi "imagename eq nginx.exe"
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
nginx.exe 4616 Console 1 7,412 K
nginx.exe 5836 Console 1 7,800 K
```
One of the two processes is the master process while the other is the worker.
If you are using the MSYS bash instead of the `cmd.exe` console, then you should replace the `/fi` option
with `-fi` in the command above instead.
You can quickly shut down the server like this:
```bash
nginx -s stop
```
or gracefully shut it down like this:
```bash
nginx -s quit
```
You can also forcibly kill the nginx processes via their PIDs with `taskkill`, as in
```console
C:\> taskkill /pid 5488 /F
```
where the PID (5488 in this example) can be found via the aforementioned `tasklist` command.
Again, you should use the form `-pid` and `-F` for the options if you are in an MSYS bash
session.
Similarly, you can use the `nginx -s reload` command to reload nginx configurations without
stopping the server. And you can use `nginx -s reopen` to instruct nginx to re-open
all the log files.
You can run the `resty` script like this:
```console
C:\> resty -e "ngx.say('Hello, OpenResty!')"
Hello, OpenResty!
```
The `resty` command-line utility requires a Perl interpreter installed in your
system and visible to your PATH environment. Any perl distributions should
work, including StrawberryPerl, ActivePerl, and MSYS perl (the former two are
recommended though).
Debugging
=========
Debug symbosl are enabled even in release builds. So that when things go very wrong,
one can still debug things with tools like MSYS GDB.
Inclusion of debug symbols make the binary files (`.exe` and `.dll` files) much larger,
but it generally will not load into memory during normal execution on a modern operating
system.
Caveats
=======
The Win32 port of the NGINX core supports the good old `select` IO multiplexing mechanism
only.
The I/O Completion Ports (IOCP) feature is *not* supported (yet). So do not use this build
for production environments with very high concurrency levels.
This Win32 build of OpenResty is mainly for developers who want to develop their applications
in native Windows environment (though they eventually push the finished work onto a Linux or *BSD box, most of the time).
TODO
====
* Add support for more than one NGINX worker processes.
* Add support for concurrent connections more than 1024.
* Switch to the Microsoft Visual Studio compiler toolchain for better performance and easier binary
package redistribution.
* Bundle StrawberryPerl to make command-line utilities like `resty` work out of the box (without
manually installing a Perl).
* Deliver an alternative Win32 binary package built with best debuggin capabilities (like enabling
NGINX debugging logs, disabling C compiler optimizations, and enabling all the assertions and checks).
* Deliver binary packages for 64-bit Windows (Win64).
Details About The Building Process
==================================
Usually you do not need to worry about how the Win32 binaries were built on the maintainers''
side. But if you do, please read on.
The Win32 build of OpenResty is currently built via the MinGW/MSYS toolchain, including
MinGW gcc 4.8.1, MSYS perl, MSYS bash, MSYS make, and etc. Basically, it is currently built via
the following cmmands:
```bash
PCRE=pcre-8.39
ZLIB=zlib-1.2.8
OPENSSL=openssl-1.0.2j
mkdir -p objs/lib || exit 1
cd objs/lib || exit 1
ls ../../..
tar -xf ../../../$OPENSSL.tar.gz || exit 1
tar -xf ../../../$ZLIB.tar.gz || exit 1
tar -xf ../../../$PCRE.tar.gz || exit 1
cd ../..
cd objs/lib/$OPENSSL || exit 1
patch -p1 < ../../../patches/openssl-1.0.2h-sess_set_get_cb_yield.patch || exit 1
cd ../../..
./configure \
--with-cc=gcc \
--with-ipv6 \
--prefix= \
--with-cc-opt='-DFD_SETSIZE=1024' \
--sbin-path=nginx.exe \
--with-pcre-jit \
--without-http_rds_json_module \
--without-http_rds_csv_module \
--without-lua_rds_parser \
--with-ipv6 \
--with-stream \
--with-stream_ssl_module \
--with-http_v2_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_secure_link_module \
--with-http_random_index_module \
--with-http_gzip_static_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-select_module \
--with-luajit-xcflags="-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT" \
--with-pcre=objs/lib/$PCRE \
--with-zlib=objs/lib/$ZLIB \
--with-openssl=objs/lib/$OPENSSL \
-j5 || exit 1
make
make install
```
where the dependency library source tarballs for OpenSSL, Zlib, and PCRE are downloaded
from their official sites, respectively.
We automate these commands in a dedicated shell script named [build-win32.sh](https://github.com/openresty/openresty/blob/master/util/build-win32.sh).
Furthermore, we automate the packaging process of the resulting binaries and supporting files
with this [package-win32.sh](https://github.com/openresty/openresty/blob/master/util/package-win32.sh)
script.
Usually you can just download and use the binary distribution of OpenResty without
installing the build toolchain.
Author
======
Yichun "agentzh" Zhang <agentzh@gmail.com>, OpenResty Inc.
Copyright & License
===================
This module is licensed under the BSD license.
Copyright (C) 2015-2016, by Yichun "agentzh" Zhang () <agentzh@gmail.com>, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

238
doc/README-windows.md Normal file
View File

@ -0,0 +1,238 @@
Name
====
README-windows - README for the official 32-bit and 64-bit Windows builds of OpenResty
Table of Contents
=================
* [Name](#name)
* [Description](#description)
* [Debugging](#debugging)
* [Caveats](#caveats)
* [TODO](#todo)
* [Details About The Building Process](#details-about-the-building-process)
* [Author](#author)
* [Copyright & License](#copyright--license)
Description
===========
The official binary Win32 and Win64 distributions of OpenResty can be downloaded from the following web page:
https://openresty.org/en/download.html
To start the NGINX server of the nginx server of the Win32 binary distribution of OpenResty:
```bash
start nginx
```
You can also specify the `-p PATH/` option to override the default server prefix, as in
```bash
cd /path/to/my/openresty/app/
start nginx -p $PWD
```
Then you can use the `tasklist` command to check the nginx processes running in the background:
```console
C:\> tasklist /fi "imagename eq nginx.exe"
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
nginx.exe 4616 Console 1 7,412 K
nginx.exe 5836 Console 1 7,800 K
```
One of the two processes is the master process while the other is the worker.
If you are using the MSYS2 bash instead of the `cmd.exe` console, then you should replace the `/fi` option
with `-fi` in the command above instead.
You can quickly shut down the server like this:
```bash
nginx -s stop
```
or gracefully shut it down like this:
```bash
nginx -s quit
```
You can also forcibly kill the nginx processes via their PIDs with `taskkill`, as in
```console
C:\> taskkill /pid 5488 /F
```
where the PID (5488 in this example) can be found via the aforementioned `tasklist` command.
Again, you should use the form `-pid` and `-F` for the options if you are in an MSYS2 bash
session.
Similarly, you can use the `nginx -s reload` command to reload nginx configurations without
stopping the server. And you can use `nginx -s reopen` to instruct nginx to re-open
all the log files.
You can run the `resty` script like this:
```console
C:\> resty -e "ngx.say('Hello, OpenResty!')"
Hello, OpenResty!
```
The `resty` command-line utility requires a Perl interpreter installed in your
system and visible to your PATH environment. Any perl distributions should
work, including StrawberryPerl, ActivePerl, and MSYS2 perl.
recommended though).
Debugging
=========
Debug symbosl are enabled even in release builds. So that when things go very wrong,
one can still debug things with tools like MSYS2 GDB.
Inclusion of debug symbols make the binary files (`.exe` and `.dll` files) much larger,
but it generally will not load into memory during normal execution on a modern operating
system.
Caveats
=======
The Win32/Win64 port of the NGINX core supports the good old `select` IO multiplexing mechanism
only.
The I/O Completion Ports (IOCP) feature is *not* supported (yet). So do not use this build
for production environments with very high concurrency levels.
This Win32/Win64 build of OpenResty is mainly for developers who want to develop their applications
in native Windows environment (though they eventually push the finished work onto a Linux or *BSD box, most of the time).
[Back to TOC](#table-of-contents)
TODO
====
* Add support for more than one NGINX worker processes.
* Add support for concurrent connections more than 1024.
* Switch to the Microsoft Visual Studio compiler toolchain for better performance and easier binary
package redistribution.
* Bundle StrawberryPerl to make command-line utilities like `resty` work out of the box (without
manually installing a Perl).
* Deliver an alternative Win32/Win64 binary package built with best debuggin capabilities (like enabling
NGINX debugging logs, disabling C compiler optimizations, and enabling all the assertions and checks).
[Back to TOC](#table-of-contents)
Details About The Building Process
==================================
Usually you do not need to worry about how the Win32/Win64 binaries were built on the maintainers''
side. But if you do, please read on.
The Win32/Win64 build of OpenResty is currently built via the MSYS2/MinGW toolchain, including
MinGW gcc 7.2.3, MSYS2 perl 5.24.4, MSYS2 bash, MSYS2 make, and etc. Basically, it is currently built via
the following cmmands:
```bash
PCRE=pcre-8.42
ZLIB=zlib-1.2.11
OPENSSL=openssl-1.1.0h
mkdir -p objs/lib || exit 1
cd objs/lib || exit 1
ls ../../..
tar -xf ../../../$OPENSSL.tar.gz || exit 1
tar -xf ../../../$ZLIB.tar.gz || exit 1
tar -xf ../../../$PCRE.tar.gz || exit 1
cd ../..
cd objs/lib/$OPENSSL || exit 1
patch -p1 < ../../../patches/openssl-1.1.0d-sess_set_get_cb_yield.patch || exit 1
cd ../../..
./configure \
--with-cc=gcc \
--with-ipv6 \
--prefix= \
--with-cc-opt='-DFD_SETSIZE=1024' \
--sbin-path=nginx.exe \
--with-pcre-jit \
--without-http_rds_json_module \
--without-http_rds_csv_module \
--without-lua_rds_parser \
--with-ipv6 \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_v2_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_secure_link_module \
--with-http_random_index_module \
--with-http_gzip_static_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-select_module \
--with-luajit-xcflags="-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT" \
--with-pcre=objs/lib/$PCRE \
--with-zlib=objs/lib/$ZLIB \
--with-openssl=objs/lib/$OPENSSL \
-j9 || exit 1
make -j9
make install
```
where the dependency library source tarballs for OpenSSL, Zlib, and PCRE are downloaded
from their official sites, respectively.
We automate these commands in a dedicated shell script named [build-win32.sh](https://github.com/openresty/openresty/blob/master/util/build-win32.sh).
Furthermore, we automate the packaging process of the resulting binaries and supporting files
with this [package-win32.sh](https://github.com/openresty/openresty/blob/master/util/package-win32.sh)
script.
Usually you can just download and use the binary distribution of OpenResty without
installing the build toolchain.
[Back to TOC](#table-of-contents)
Author
======
Yichun "agentzh" Zhang <agentzh@gmail.com>, OpenResty Inc.
[Back to TOC](#table-of-contents)
Copyright & License
===================
This module is licensed under the BSD license.
Copyright (C) 2015-2018, by Yichun "agentzh" Zhang () <agentzh@gmail.com>, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)

57
patches/nginx-1.13.6-balancer_status_code.patch
View File

@ -1,8 +1,8 @@
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 0f6b3ae..56d44fc 100644 index f8d5707d..6efe0047 100644
--- a/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c
@@ -1368,6 +1368,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u) @@ -1515,6 +1515,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
return; return;
} }
@ -15,13 +15,58 @@ index 0f6b3ae..56d44fc 100644
if (rc == NGX_BUSY) { if (rc == NGX_BUSY) {
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index b288f28..9b60e12 100644 index 3e714e5b..dfbb25e0 100644
--- a/src/http/ngx_http_upstream.h --- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h
@@ -418,5 +418,6 @@ extern ngx_module_t ngx_http_upstream_module; @@ -427,4 +427,9 @@ extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[];
extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[];
extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[]; extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[];
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */ #endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 09d24593..d8b4b584 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -27,6 +27,7 @@ typedef struct ngx_stream_session_s ngx_stream_session_t;
#define NGX_STREAM_OK 200
+#define NGX_STREAM_SPECIAL_RESPONSE 300
#define NGX_STREAM_BAD_REQUEST 400
#define NGX_STREAM_FORBIDDEN 403
#define NGX_STREAM_INTERNAL_SERVER_ERROR 500
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 818d7329..329dcdc6 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -691,6 +691,11 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
return;
}
+ if (rc >= NGX_STREAM_SPECIAL_RESPONSE) {
+ ngx_stream_proxy_finalize(s, rc);
+ return;
+ }
+
u->state->peer = u->peer.name;
if (rc == NGX_BUSY) {
diff --git a/src/stream/ngx_stream_upstream.h b/src/stream/ngx_stream_upstream.h
index 73947f46..21bc0ad7 100644
--- a/src/stream/ngx_stream_upstream.h
+++ b/src/stream/ngx_stream_upstream.h
@@ -151,4 +151,9 @@ ngx_stream_upstream_srv_conf_t *ngx_stream_upstream_add(ngx_conf_t *cf,
extern ngx_module_t ngx_stream_upstream_module;
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_STREAM_UPSTREAM_H_INCLUDED_ */

263
patches/nginx-1.13.6-resolver_conf_parsing.patch Normal file
View File

@ -0,0 +1,263 @@
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index cd55520c..dade1846 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -9,12 +9,26 @@
#include <ngx_core.h>
#include <ngx_event.h>
+#if !(NGX_WIN32)
+#include <resolv.h>
+#endif
+
#define NGX_RESOLVER_UDP_SIZE 4096
#define NGX_RESOLVER_TCP_RSIZE (2 + 65535)
#define NGX_RESOLVER_TCP_WSIZE 8192
+#if !(NGX_WIN32)
+/*
+ * note that 2KB should be more than enough for majority of the
+ * resolv.conf files out there. it also acts as a safety guard to prevent
+ * abuse.
+ */
+#define NGX_RESOLVER_FILE_BUF_SIZE 2048
+#define NGX_RESOLVER_FILE_NAME "/etc/resolv.conf"
+#endif
+
typedef struct {
u_char ident_hi;
@@ -131,6 +145,191 @@ static ngx_resolver_node_t *ngx_resolver_lookup_addr6(ngx_resolver_t *r,
#endif
+#if !(NGX_WIN32)
+static ngx_int_t
+ngx_resolver_read_resolv_conf(ngx_conf_t *cf, ngx_resolver_t *r, u_char *path,
+ size_t path_len)
+{
+ ngx_url_t u;
+ ngx_resolver_connection_t *rec;
+ ngx_fd_t fd;
+ ngx_file_t file;
+ u_char buf[NGX_RESOLVER_FILE_BUF_SIZE];
+ u_char ipv6_buf[NGX_INET6_ADDRSTRLEN];
+ ngx_uint_t address = 0, j, total = 0;
+ ssize_t n, i;
+ enum {
+ sw_nameserver,
+ sw_spaces,
+ sw_address,
+ sw_skip
+ } state;
+
+ file.name.data = path;
+ file.name.len = path_len;
+
+ if (ngx_conf_full_name(cf->cycle, &file.name, 1) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY,
+ NGX_FILE_OPEN, 0);
+
+ if (fd == NGX_INVALID_FILE) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
+ ngx_open_file_n " \"%s\" failed", file.name.data);
+
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(&file, sizeof(ngx_file_t));
+
+ file.fd = fd;
+ file.log = cf->log;
+
+ state = sw_nameserver;
+
+ n = ngx_read_file(&file, buf, NGX_RESOLVER_FILE_BUF_SIZE, 0);
+
+ if (n == NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno,
+ ngx_read_file_n " \"%s\" failed", file.name.data);
+ }
+
+ if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
+ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno,
+ ngx_close_file_n " \"%s\" failed", file.name.data);
+ }
+
+ if (n == NGX_ERROR) {
+ return NGX_ERROR;
+ }
+
+ if (n == 0) {
+ return NGX_OK;
+ }
+
+ for (i = 0; i < n && total < MAXNS; /* void */) {
+ if (buf[i] == '#' || buf[i] == ';') {
+ state = sw_skip;
+ }
+
+ switch (state) {
+
+ case sw_nameserver:
+
+ if ((size_t) n - i >= sizeof("nameserver") - 1
+ && ngx_memcmp(buf + i, "nameserver",
+ sizeof("nameserver") - 1) == 0)
+ {
+ state = sw_spaces;
+ i += sizeof("nameserver") - 1;
+
+ continue;
+ }
+
+ break;
+
+ case sw_spaces:
+ if (buf[i] != '\t' && buf[i] != ' ') {
+ address = i;
+ state = sw_address;
+ }
+
+ break;
+
+ case sw_address:
+
+ if (buf[i] == CR || buf[i] == LF || i == n - 1) {
+ ngx_memzero(&u, sizeof(ngx_url_t));
+
+ u.url.data = buf + address;
+
+ if (i == n - 1 && buf[i] != CR && buf[i] != LF) {
+ u.url.len = n - address;
+
+ } else {
+ u.url.len = i - address;
+ }
+
+ u.default_port = 53;
+
+ /* IPv6? */
+ if (ngx_strlchr(u.url.data, u.url.data + u.url.len,
+ ':') != NULL)
+ {
+ if (u.url.len + 2 > sizeof(ipv6_buf)) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "IPv6 resolver address is too long:"
+ " \"%V\"", &u.url);
+
+ return NGX_ERROR;
+ }
+
+ ipv6_buf[0] = '[';
+ ngx_memcpy(ipv6_buf + 1, u.url.data, u.url.len);
+ ipv6_buf[u.url.len + 1] = ']';
+
+ u.url.data = ipv6_buf;
+ u.url.len = u.url.len + 2;
+ }
+
+ if (ngx_parse_url(cf->pool, &u) != NGX_OK) {
+ if (u.err) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "%s in resolver \"%V\"",
+ u.err, &u.url);
+ }
+
+ return NGX_ERROR;
+ }
+
+ rec = ngx_array_push_n(&r->connections, u.naddrs);
+ if (rec == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(rec, u.naddrs * sizeof(ngx_resolver_connection_t));
+
+ for (j = 0; j < u.naddrs; j++) {
+ rec[j].sockaddr = u.addrs[j].sockaddr;
+ rec[j].socklen = u.addrs[j].socklen;
+ rec[j].server = u.addrs[j].name;
+ rec[j].resolver = r;
+ }
+
+ total++;
+
+#if (NGX_DEBUG)
+ /*
+ * logs with level below NGX_LOG_NOTICE will not be printed
+ * in this early phase
+ */
+ ngx_conf_log_error(NGX_LOG_NOTICE, cf, 0,
+ "parsed a resolver: \"%V\"", &u.url);
+#endif
+
+ state = sw_nameserver;
+ }
+
+ break;
+
+ case sw_skip:
+ if (buf[i] == CR || buf[i] == LF) {
+ state = sw_nameserver;
+ }
+
+ break;
+ }
+
+ i++;
+ }
+
+ return NGX_OK;
+}
+#endif
+
+
ngx_resolver_t *
ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
{
@@ -246,6 +445,39 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
}
#endif
+#if !(NGX_WIN32)
+ if (ngx_strncmp(names[i].data, "local=", 6) == 0) {
+
+ if (ngx_strcmp(&names[i].data[6], "on") == 0) {
+ if (ngx_resolver_read_resolv_conf(cf, r,
+ (u_char *)
+ NGX_RESOLVER_FILE_NAME,
+ sizeof(NGX_RESOLVER_FILE_NAME)
+ - 1)
+ != NGX_OK)
+ {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "unable to parse local resolver");
+ return NULL;
+ }
+
+ } else if (ngx_strcmp(&names[i].data[6], "off") != 0) {
+ if (ngx_resolver_read_resolv_conf(cf, r,
+ &names[i].data[6],
+ names[i].len - 6)
+ != NGX_OK)
+ {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "unable to parse local resolver");
+ return NULL;
+ }
+
+ }
+
+ continue;
+ }
+#endif
+
ngx_memzero(&u, sizeof(ngx_url_t));
u.url = names[i];

15
patches/nginx-1.13.6-safe_resolver_ipv6_option.patch
View File

@ -18,10 +18,11 @@ With this option disappearing in Nginx 1.11.5, this patch would allow such tools
to assume "ipv6=off" to be safe regardless of ipv6 support in the current to assume "ipv6=off" to be safe regardless of ipv6 support in the current
build. build.
diff -r a3dc657f4e95 -r 8bf038fe006f src/core/ngx_resolver.c diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c Thu Dec 15 21:44:34 2016 +0300 index dade1846..5a3f0aa4 100644
+++ b/src/core/ngx_resolver.c Thu Dec 15 16:17:01 2016 -0800 --- a/src/core/ngx_resolver.c
@@ -224,14 +224,22 @@ +++ b/src/core/ngx_resolver.c
@@ -426,14 +426,22 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
continue; continue;
} }
@ -45,11 +46,11 @@ diff -r a3dc657f4e95 -r 8bf038fe006f src/core/ngx_resolver.c
} else { } else {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -241,7 +249,6 @@ @@ -443,7 +451,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
continue; continue;
} }
-#endif -#endif
ngx_memzero(&u, sizeof(ngx_url_t)); #if !(NGX_WIN32)
if (ngx_strncmp(names[i].data, "local=", 6) == 0) {

157
patches/nginx-1.13.6-socket_cloexec.patch Normal file
View File

@ -0,0 +1,157 @@
diff --git a/auto/unix b/auto/unix
index 10835f6c..b5b33bb3 100644
--- a/auto/unix
+++ b/auto/unix
@@ -990,3 +990,27 @@ ngx_feature_test='struct addrinfo *res;
if (getaddrinfo("localhost", NULL, NULL, &res) != 0) return 1;
freeaddrinfo(res)'
. auto/feature
+
+ngx_feature="SOCK_CLOEXEC support"
+ngx_feature_name="NGX_HAVE_SOCKET_CLOEXEC"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/types.h>
+ #include <sys/socket.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="int fd;
+ fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);"
+. auto/feature
+
+ngx_feature="FD_CLOEXEC support"
+ngx_feature_name="NGX_HAVE_FD_CLOEXEC"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <fcntl.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="int fd;
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ fcntl(fd, F_SETFD, FD_CLOEXEC);"
+. auto/feature
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index cd55520c..438e0806 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -4466,8 +4466,14 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec)
ngx_event_t *rev, *wev;
ngx_connection_t *c;
+#if (NGX_HAVE_SOCKET_CLOEXEC)
+ s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0);
+
+#else
s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM, 0);
+#endif
+
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, &rec->log, 0, "TCP socket %d", s);
if (s == (ngx_socket_t) -1) {
@@ -4494,6 +4500,15 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec)
goto failed;
}
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, &rec->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+
+ goto failed;
+ }
+#endif
+
rev = c->read;
wev = c->write;
diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c
index 77563709..5827b9d0 100644
--- a/src/event/ngx_event_accept.c
+++ b/src/event/ngx_event_accept.c
@@ -62,7 +62,9 @@ ngx_event_accept(ngx_event_t *ev)
#if (NGX_HAVE_ACCEPT4)
if (use_accept4) {
- s = accept4(lc->fd, &sa.sockaddr, &socklen, SOCK_NONBLOCK);
+ s = accept4(lc->fd, &sa.sockaddr, &socklen,
+ SOCK_NONBLOCK | SOCK_CLOEXEC);
+
} else {
s = accept(lc->fd, &sa.sockaddr, &socklen);
}
@@ -202,6 +204,16 @@ ngx_event_accept(ngx_event_t *ev)
ngx_close_accepted_connection(c);
return;
}
+
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+ ngx_close_accepted_connection(c);
+ return;
+ }
+#endif
+
}
}
diff --git a/src/event/ngx_event_connect.c b/src/event/ngx_event_connect.c
index c5bb8068..cf33b1d2 100644
--- a/src/event/ngx_event_connect.c
+++ b/src/event/ngx_event_connect.c
@@ -38,8 +38,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
type = (pc->type ? pc->type : SOCK_STREAM);
+#if (NGX_HAVE_SOCKET_CLOEXEC)
+ s = ngx_socket(pc->sockaddr->sa_family, type | SOCK_CLOEXEC, 0);
+
+#else
s = ngx_socket(pc->sockaddr->sa_family, type, 0);
+#endif
+
+
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pc->log, 0, "%s socket %d",
(type == SOCK_STREAM) ? "stream" : "dgram", s);
@@ -80,6 +87,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
goto failed;
}
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+
+ goto failed;
+ }
+#endif
+
if (pc->local) {
#if (NGX_HAVE_TRANSPARENT_PROXY)
diff --git a/src/os/unix/ngx_socket.h b/src/os/unix/ngx_socket.h
index fcc51533..d1eebf47 100644
--- a/src/os/unix/ngx_socket.h
+++ b/src/os/unix/ngx_socket.h
@@ -38,6 +38,17 @@ int ngx_blocking(ngx_socket_t s);
#endif
+#if (NGX_HAVE_FD_CLOEXEC)
+
+#define ngx_cloexec(s) fcntl(s, F_SETFD, FD_CLOEXEC)
+#define ngx_cloexec_n "fcntl(FD_CLOEXEC)"
+
+/* at least FD_CLOEXEC is required to ensure connection fd is closed
+ * after execve */
+#define HAVE_SOCKET_CLOEXEC_PATCH 1
+
+#endif
+
int ngx_tcp_nopush(ngx_socket_t s);
int ngx_tcp_push(ngx_socket_t s);

13
patches/nginx-1.13.6-stream_ssl_preread_no_skip.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
index e3d11fd9..3717b5fe 100644
--- a/src/stream/ngx_stream_ssl_preread_module.c
+++ b/src/stream/ngx_stream_ssl_preread_module.c
@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len);
if (rc != NGX_AGAIN) {
- return rc;
+ return rc == NGX_OK ? NGX_DECLINED : rc;
}
p += len;

11
patches/nginx-1.13.8-always_enable_cc_feature_tests.patch
View File

@ -1,11 +0,0 @@
--- nginx-1.13.8/auto/cc/conf 2015-10-30 22:47:50.000000000 +0800
+++ nginx-1.13.8-patched/auto/cc/conf 2015-11-02 12:23:05.385156987 +0800
@@ -136,7 +136,7 @@ fi
CFLAGS="$CFLAGS $NGX_CC_OPT"
NGX_TEST_LD_OPT="$NGX_LD_OPT"
-if [ "$NGX_PLATFORM" != win32 ]; then
+if [ 1 ]; then
if test -n "$NGX_LD_OPT"; then
ngx_feature=--with-ld-opt=\"$NGX_LD_OPT\"

57
patches/nginx-1.13.8-balancer_status_code.patch
View File

@ -1,8 +1,8 @@
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 0f6b3ae..56d44fc 100644 index f8d5707d..6efe0047 100644
--- a/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c
@@ -1368,6 +1368,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u) @@ -1515,6 +1515,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
return; return;
} }
@ -15,13 +15,58 @@ index 0f6b3ae..56d44fc 100644
if (rc == NGX_BUSY) { if (rc == NGX_BUSY) {
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index b288f28..9b60e12 100644 index 3e714e5b..dfbb25e0 100644
--- a/src/http/ngx_http_upstream.h --- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h
@@ -418,5 +418,6 @@ extern ngx_module_t ngx_http_upstream_module; @@ -427,4 +427,9 @@ extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[];
extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[];
extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[]; extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[];
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */ #endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 09d24593..d8b4b584 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -27,6 +27,7 @@ typedef struct ngx_stream_session_s ngx_stream_session_t;
#define NGX_STREAM_OK 200
+#define NGX_STREAM_SPECIAL_RESPONSE 300
#define NGX_STREAM_BAD_REQUEST 400
#define NGX_STREAM_FORBIDDEN 403
#define NGX_STREAM_INTERNAL_SERVER_ERROR 500
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 818d7329..329dcdc6 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -691,6 +691,11 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
return;
}
+ if (rc >= NGX_STREAM_SPECIAL_RESPONSE) {
+ ngx_stream_proxy_finalize(s, rc);
+ return;
+ }
+
u->state->peer = u->peer.name;
if (rc == NGX_BUSY) {
diff --git a/src/stream/ngx_stream_upstream.h b/src/stream/ngx_stream_upstream.h
index 73947f46..21bc0ad7 100644
--- a/src/stream/ngx_stream_upstream.h
+++ b/src/stream/ngx_stream_upstream.h
@@ -151,4 +151,9 @@ ngx_stream_upstream_srv_conf_t *ngx_stream_upstream_add(ngx_conf_t *cf,
extern ngx_module_t ngx_stream_upstream_module;
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_STREAM_UPSTREAM_H_INCLUDED_ */

13
patches/nginx-1.13.8-builtin_error_page_footer.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 64e5acd..f5374f6 100644
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -26,7 +26,7 @@ static u_char ngx_http_error_full_tail[] =
static u_char ngx_http_error_tail[] =
-"<hr><center>nginx</center>" CRLF
+"<hr><center>openresty</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;

19
patches/nginx-1.13.8-cache_manager_exit.patch
View File

@ -1,19 +0,0 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1383598130 28800
# Node ID f64218e1ac963337d84092536f588b8e0d99bbaa
# Parent dea321e5c0216efccbb23e84bbce7cf3e28f130c
Cache: gracefully exit the cache manager process.
diff -r dea321e5c021 -r f64218e1ac96 src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c Thu Oct 31 18:23:49 2013 +0400
+++ b/src/os/unix/ngx_process_cycle.c Mon Nov 04 12:48:50 2013 -0800
@@ -1335,7 +1335,7 @@
if (ngx_terminate || ngx_quit) {
ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
- exit(0);
+ ngx_worker_process_exit(cycle);
}
if (ngx_reopen) {

98
patches/nginx-1.13.8-delayed_posted_events.patch
View File

@ -1,98 +0,0 @@
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
index 57af8132..4853945f 100644
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -196,6 +196,9 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
ngx_uint_t flags;
ngx_msec_t timer, delta;
+ ngx_queue_t *q;
+ ngx_event_t *ev;
+
if (ngx_timer_resolution) {
timer = NGX_TIMER_INFINITE;
flags = 0;
@@ -215,6 +218,13 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
#endif
}
+ if (!ngx_queue_empty(&ngx_posted_delayed_events)) {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "posted delayed event queue not empty"
+ " making poll timeout 0");
+ timer = 0;
+ }
+
if (ngx_use_accept_mutex) {
if (ngx_accept_disabled > 0) {
ngx_accept_disabled--;
@@ -257,6 +267,35 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
}
ngx_event_process_posted(cycle, &ngx_posted_events);
+
+ while (!ngx_queue_empty(&ngx_posted_delayed_events)) {
+ q = ngx_queue_head(&ngx_posted_delayed_events);
+
+ ev = ngx_queue_data(q, ngx_event_t, queue);
+ if (ev->delayed) {
+ /* start of newly inserted nodes */
+ for (/* void */;
+ q != ngx_queue_sentinel(&ngx_posted_delayed_events);
+ q = ngx_queue_next(q))
+ {
+ ev = ngx_queue_data(q, ngx_event_t, queue);
+ ev->delayed = 0;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "skipping delayed posted event %p,"
+ " till next iteration", ev);
+ }
+
+ break;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "delayed posted event %p", ev);
+
+ ngx_delete_posted_event(ev);
+
+ ev->handler(ev);
+ }
}
@@ -600,6 +639,7 @@ ngx_event_process_init(ngx_cycle_t *cycle)
ngx_queue_init(&ngx_posted_accept_events);
ngx_queue_init(&ngx_posted_events);
+ ngx_queue_init(&ngx_posted_delayed_events);
if (ngx_event_timer_init(cycle->log) == NGX_ERROR) {
return NGX_ERROR;
diff --git a/src/event/ngx_event_posted.c b/src/event/ngx_event_posted.c
index d851f3d1..b6cea009 100644
--- a/src/event/ngx_event_posted.c
+++ b/src/event/ngx_event_posted.c
@@ -12,6 +12,7 @@
ngx_queue_t ngx_posted_accept_events;
ngx_queue_t ngx_posted_events;
+ngx_queue_t ngx_posted_delayed_events;
void
diff --git a/src/event/ngx_event_posted.h b/src/event/ngx_event_posted.h
index 145d30fe..6c388553 100644
--- a/src/event/ngx_event_posted.h
+++ b/src/event/ngx_event_posted.h
@@ -43,6 +43,9 @@ void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted);
extern ngx_queue_t ngx_posted_accept_events;
extern ngx_queue_t ngx_posted_events;
+extern ngx_queue_t ngx_posted_delayed_events;
+
+#define HAVE_POSTED_DELAYED_EVENTS_PATCH
#endif /* _NGX_EVENT_POSTED_H_INCLUDED_ */

1159
patches/nginx-1.13.8-dtrace.patch
View File

File diff suppressed because it is too large Load Diff

11
patches/nginx-1.13.8-gcc-maybe-uninitialized-warning.patch
View File

@ -1,11 +0,0 @@
--- nginx-1.13.8/src/http/ngx_http_request.c 2013-05-06 03:26:50.000000000 -0700
+++ nginx-1.13.8-patched/src/http/ngx_http_request.c 2013-06-11 12:59:48.008321688 -0700
@@ -1951,7 +1951,7 @@
ngx_int_t rc;
ngx_http_connection_t *hc;
ngx_http_core_loc_conf_t *clcf;
- ngx_http_core_srv_conf_t *cscf;
+ ngx_http_core_srv_conf_t *cscf = NULL;
hc = r->http_connection;

20
patches/nginx-1.13.8-hash_overflow.patch
View File

@ -1,20 +0,0 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1412276417 25200
# Thu Oct 02 12:00:17 2014 -0700
# Node ID 4032b992f23b054c1a2cfb0be879330d2c6708e5
# Parent 1ff0f68d9376e3d184d65814a6372856bf65cfcd
Hash: buffer overflow might happen when exceeding the pre-configured limits.
diff -r 1ff0f68d9376 -r 4032b992f23b src/core/ngx_hash.c
--- a/src/core/ngx_hash.c Tue Sep 30 15:50:28 2014 -0700
+++ b/src/core/ngx_hash.c Thu Oct 02 12:00:17 2014 -0700
@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t *hinit, ng
continue;
}
+ size--;
+
ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
"could not build optimal %s, you should increase "
"either %s_max_size: %i or %s_bucket_size: %i; "

59
patches/nginx-1.13.8-init_cycle_pool_release.patch
View File

@ -1,59 +0,0 @@
diff -rup nginx-1.13.8/src/core/nginx.c nginx-1.13.8-patched/src/core/nginx.c
--- nginx-1.13.8/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800
+++ nginx-1.13.8-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800
@@ -186,6 +186,7 @@ static u_char *ngx_prefix;
static u_char *ngx_conf_file;
static u_char *ngx_conf_params;
static char *ngx_signal;
+ngx_pool_t *saved_init_cycle_pool = NULL;
static char **ngx_os_environ;
@@ -253,6 +254,8 @@ main(int argc, char *const *argv)
return 1;
}
+ saved_init_cycle_pool = init_cycle.pool;
+
if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) {
return 1;
}
diff -rup nginx-1.13.8/src/core/ngx_core.h nginx-1.13.8-patched/src/core/ngx_core.h
--- nginx-1.13.8/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700
+++ nginx-1.13.8-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800
@@ -108,4 +108,6 @@ void ngx_cpuinfo(void);
#define NGX_DISABLE_SYMLINKS_NOTOWNER 2
#endif
+extern ngx_pool_t *saved_init_cycle_pool;
+
#endif /* _NGX_CORE_H_INCLUDED_ */
diff -rup nginx-1.13.8/src/core/ngx_cycle.c nginx-1.13.8-patched/src/core/ngx_cycle.c
--- nginx-1.13.8/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700
+++ nginx-1.13.8-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800
@@ -748,6 +748,10 @@ old_shm_zone_done:
if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) {
+ if (ngx_is_init_cycle(old_cycle)) {
+ saved_init_cycle_pool = NULL;
+ }
+
ngx_destroy_pool(old_cycle->pool);
cycle->old_cycle = NULL;
diff -rup nginx-1.13.8/src/os/unix/ngx_process_cycle.c nginx-1.13.8-patched/src/os/unix/ngx_process_cycle.c
--- nginx-1.13.8/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800
+++ nginx-1.13.8-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800
@@ -783,6 +783,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc
ngx_exit_cycle.files_n = ngx_cycle->files_n;
ngx_cycle = &ngx_exit_cycle;
+ if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) {
+ ngx_destroy_pool(saved_init_cycle_pool);
+ saved_init_cycle_pool = NULL;
+ }
+
ngx_destroy_pool(cycle->pool);
exit(0);

60
patches/nginx-1.13.8-intercept_error_log.patch
View File

@ -1,60 +0,0 @@
diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h
index c51b7ff..4c335b9 100644
--- a/src/core/ngx_cycle.h
+++ b/src/core/ngx_cycle.h
@@ -22,9 +22,14 @@
#define NGX_DEBUG_POINTS_ABORT 2
+#define HAVE_INTERCEPT_ERROR_LOG_PATCH
+
+
typedef struct ngx_shm_zone_s ngx_shm_zone_t;
typedef ngx_int_t (*ngx_shm_zone_init_pt) (ngx_shm_zone_t *zone, void *data);
+typedef ngx_int_t (*ngx_log_intercept_pt) (ngx_log_t *log, ngx_uint_t level,
+ u_char *buf, size_t len);
struct ngx_shm_zone_s {
void *data;
@@ -75,6 +80,10 @@ struct ngx_cycle_s {
ngx_str_t prefix;
ngx_str_t lock_file;
ngx_str_t hostname;
+
+ ngx_log_intercept_pt intercept_error_log_handler;
+ void *intercept_error_log_data;
+ unsigned entered_logger; /* :1 */
};
diff --git a/src/core/ngx_log.c b/src/core/ngx_log.c
index 8e9408d..ed9b11b 100644
--- a/src/core/ngx_log.c
+++ b/src/core/ngx_log.c
@@ -112,6 +112,8 @@ ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
ngx_uint_t wrote_stderr, debug_connection;
u_char errstr[NGX_MAX_ERROR_STR];
+ ngx_log_intercept_pt log_intercept = NULL;
+
last = errstr + NGX_MAX_ERROR_STR;
p = ngx_cpymem(errstr, ngx_cached_err_log_time.data,
@@ -153,6 +155,16 @@ ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
p = last - NGX_LINEFEED_SIZE;
}
+ if (ngx_cycle) {
+ log_intercept = ngx_cycle->intercept_error_log_handler;
+ }
+
+ if (log_intercept && !ngx_cycle->entered_logger) {
+ ngx_cycle->entered_logger = 1;
+ log_intercept(log, level, errstr, p - errstr);
+ ngx_cycle->entered_logger = 0;
+ }
+
ngx_linefeed(p);
wrote_stderr = 0;

13
patches/nginx-1.13.8-larger_max_error_str.patch
View File

@ -1,13 +0,0 @@
--- nginx-1.13.8/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700
+++ nginx-1.13.8-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800
@@ -64,7 +64,9 @@ struct ngx_log_s {
};
-#define NGX_MAX_ERROR_STR 2048
+#ifndef NGX_MAX_ERROR_STR
+#define NGX_MAX_ERROR_STR 4096
+#endif
/*********************************/

117
patches/nginx-1.13.8-log_escape_non_ascii.patch
View File

@ -1,117 +0,0 @@
diff --git a/src/http/modules/ngx_http_log_module.c b/src/http/modules/ngx_http_log_module.c
index 917ed55f..b769dfd3 100644
--- a/src/http/modules/ngx_http_log_module.c
+++ b/src/http/modules/ngx_http_log_module.c
@@ -79,6 +79,8 @@ typedef struct {
time_t open_file_cache_valid;
ngx_uint_t open_file_cache_min_uses;
+ ngx_flag_t escape_non_ascii;
+
ngx_uint_t off; /* unsigned off:1 */
} ngx_http_log_loc_conf_t;
@@ -131,7 +133,8 @@ static size_t ngx_http_log_variable_getlen(ngx_http_request_t *r,
uintptr_t data);
static u_char *ngx_http_log_variable(ngx_http_request_t *r, u_char *buf,
ngx_http_log_op_t *op);
-static uintptr_t ngx_http_log_escape(u_char *dst, u_char *src, size_t size);
+static uintptr_t ngx_http_log_escape(ngx_http_log_loc_conf_t *lcf, u_char *dst,
+ u_char *src, size_t size);
static size_t ngx_http_log_json_variable_getlen(ngx_http_request_t *r,
uintptr_t data);
static u_char *ngx_http_log_json_variable(ngx_http_request_t *r, u_char *buf,
@@ -177,6 +180,13 @@ static ngx_command_t ngx_http_log_commands[] = {
0,
NULL },
+ { ngx_string("log_escape_non_ascii"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_log_loc_conf_t, escape_non_ascii),
+ NULL },
+
ngx_null_command
};
@@ -935,6 +945,7 @@ static size_t
ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data)
{
uintptr_t len;
+ ngx_http_log_loc_conf_t *lcf;
ngx_http_variable_value_t *value;
value = ngx_http_get_indexed_variable(r, data);
@@ -943,7 +954,9 @@ ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data)
return 1;
}
- len = ngx_http_log_escape(NULL, value->data, value->len);
+ lcf = ngx_http_get_module_loc_conf(r, ngx_http_log_module);
+
+ len = ngx_http_log_escape(lcf, NULL, value->data, value->len);
value->escape = len ? 1 : 0;
@@ -954,6 +967,7 @@ ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data)
static u_char *
ngx_http_log_variable(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op)
{
+ ngx_http_log_loc_conf_t *lcf;
ngx_http_variable_value_t *value;
value = ngx_http_get_indexed_variable(r, op->data);
@@ -967,16 +981,18 @@ ngx_http_log_variable(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op)
return ngx_cpymem(buf, value->data, value->len);
} else {
- return (u_char *) ngx_http_log_escape(buf, value->data, value->len);
+ lcf = ngx_http_get_module_loc_conf(r, ngx_http_log_module);
+ return (u_char *) ngx_http_log_escape(lcf, buf, value->data, value->len);
}
}
static uintptr_t
-ngx_http_log_escape(u_char *dst, u_char *src, size_t size)
+ngx_http_log_escape(ngx_http_log_loc_conf_t *lcf, u_char *dst, u_char *src,
+ size_t size)
{
- ngx_uint_t n;
- static u_char hex[] = "0123456789ABCDEF";
+ ngx_uint_t n;
+ static u_char hex[] = "0123456789ABCDEF";
static uint32_t escape[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
@@ -996,6 +1012,12 @@ ngx_http_log_escape(u_char *dst, u_char *src, size_t size)
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};
+ if (lcf->escape_non_ascii) {
+ ngx_memset(&escape[4], 0xff, sizeof(uint32_t) * 4);
+
+ } else {
+ ngx_memzero(&escape[4], sizeof(uint32_t) * 4);
+ }
if (dst == NULL) {
@@ -1120,6 +1142,7 @@ ngx_http_log_create_loc_conf(ngx_conf_t *cf)
}
conf->open_file_cache = NGX_CONF_UNSET_PTR;
+ conf->escape_non_ascii = NGX_CONF_UNSET;
return conf;
}
@@ -1135,6 +1158,8 @@ ngx_http_log_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_http_log_fmt_t *fmt;
ngx_http_log_main_conf_t *lmcf;
+ ngx_conf_merge_value(conf->escape_non_ascii, prev->escape_non_ascii, 1);
+
if (conf->open_file_cache == NGX_CONF_UNSET_PTR) {
conf->open_file_cache = prev->open_file_cache;

36
patches/nginx-1.13.8-no_Werror.patch
View File

@ -1,36 +0,0 @@
diff -urp nginx-1.13.8/auto/cc/clang nginx-1.13.8-patched/auto/cc/clang
--- nginx-1.13.8/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800
+++ nginx-1.13.8-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700
@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali
CFLAGS="$CFLAGS -Wno-unused-parameter"
# stop on warning
-CFLAGS="$CFLAGS -Werror"
+#CFLAGS="$CFLAGS -Werror"
# debug
CFLAGS="$CFLAGS -g"
diff -urp nginx-1.13.8/auto/cc/gcc nginx-1.13.8-patched/auto/cc/gcc
--- nginx-1.13.8/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800
+++ nginx-1.13.8-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700
@@ -168,7 +168,7 @@ esac
# stop on warning
-CFLAGS="$CFLAGS -Werror"
+#CFLAGS="$CFLAGS -Werror"
# debug
CFLAGS="$CFLAGS -g"
diff -urp nginx-1.13.8/auto/cc/icc nginx-1.13.8-patched/auto/cc/icc
--- nginx-1.13.8/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800
+++ nginx-1.13.8-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700
@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in
esac
# stop on warning
-CFLAGS="$CFLAGS -Werror"
+#CFLAGS="$CFLAGS -Werror"
# debug
CFLAGS="$CFLAGS -g"

91
patches/nginx-1.13.8-no_error_pages.patch
View File

@ -1,91 +0,0 @@
diff -upr nginx-1.13.8/src/http/ngx_http_core_module.c nginx-1.13.8-patched/src/http/ngx_http_core_module.c
--- nginx-1.13.8/src/http/ngx_http_core_module.c 2017-08-31 18:14:41.000000000 -0700
+++ nginx-1.13.8-patched/src/http/ngx_http_core_module.c 2017-08-31 18:21:31.638098196 -0700
@@ -61,6 +61,8 @@ static char *ngx_http_core_directio(ngx_
void *conf);
static char *ngx_http_core_error_page(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+static char *ngx_http_core_no_error_pages(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
static char *ngx_http_core_open_file_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_core_error_log(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -647,6 +649,14 @@ static ngx_command_t ngx_http_core_comm
0,
NULL },
+ { ngx_string("no_error_pages"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
+ |NGX_CONF_NOARGS,
+ ngx_http_core_no_error_pages,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
{ ngx_string("post_action"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
|NGX_CONF_TAKE1,
@@ -3334,7 +3344,6 @@ ngx_http_core_create_loc_conf(ngx_conf_t
* clcf->types = NULL;
* clcf->default_type = { 0, NULL };
* clcf->error_log = NULL;
- * clcf->error_pages = NULL;
* clcf->client_body_path = NULL;
* clcf->regex = NULL;
* clcf->exact_match = 0;
@@ -3344,6 +3353,7 @@ ngx_http_core_create_loc_conf(ngx_conf_t
* clcf->keepalive_disable = 0;
*/
+ clcf->error_pages = NGX_CONF_UNSET_PTR;
clcf->client_max_body_size = NGX_CONF_UNSET;
clcf->client_body_buffer_size = NGX_CONF_UNSET_SIZE;
clcf->client_body_timeout = NGX_CONF_UNSET_MSEC;
@@ -3543,9 +3553,7 @@ ngx_http_core_merge_loc_conf(ngx_conf_t
}
}
- if (conf->error_pages == NULL && prev->error_pages) {
- conf->error_pages = prev->error_pages;
- }
+ ngx_conf_merge_ptr_value(conf->error_pages, prev->error_pages, NULL);
ngx_conf_merge_str_value(conf->default_type,
prev->default_type, "text/plain");
@@ -4553,6 +4561,10 @@ ngx_http_core_error_page(ngx_conf_t *cf,
ngx_http_compile_complex_value_t ccv;
if (clcf->error_pages == NULL) {
+ return "conflicts with \"no_error_pages\"";
+ }
+
+ if (clcf->error_pages == NGX_CONF_UNSET_PTR) {
clcf->error_pages = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_err_page_t));
if (clcf->error_pages == NULL) {
@@ -4655,6 +4667,25 @@ ngx_http_core_error_page(ngx_conf_t *cf,
return NGX_CONF_OK;
}
+
+
+static char *
+ngx_http_core_no_error_pages(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_core_loc_conf_t *clcf = conf;
+
+ if (clcf->error_pages == NULL) {
+ return "is duplicate";
+ }
+
+ if (clcf->error_pages != NGX_CONF_UNSET_PTR) {
+ return "conflicts with \"error_page\"";
+ }
+
+ clcf->error_pages = NULL;
+
+ return NGX_CONF_OK;
+}
static char *

587
patches/nginx-1.13.8-no_pool.patch
View File

@ -1,587 +0,0 @@
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.13.8/src/core/nginx.h nginx-1.13.8-patched/src/core/nginx.h
--- nginx-1.13.8/src/core/nginx.h 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.13.8-patched/src/core/nginx.h 2016-04-21 16:25:07.452944624 -0700
@@ -10,7 +10,7 @@
#define nginx_version 1013008
#define NGINX_VERSION "1.13.8"
-#define NGINX_VER "openresty/" NGINX_VERSION ".unknown"
+#define NGINX_VER "openresty/" NGINX_VERSION ".unknown (no pool)"
#ifdef NGX_BUILD
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.13.8/src/core/ngx_array.c nginx-1.13.8-patched/src/core/ngx_array.c
--- nginx-1.13.8/src/core/ngx_array.c 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.13.8-patched/src/core/ngx_array.c 2016-04-21 16:25:07.453947190 -0700
@@ -30,26 +30,30 @@ ngx_array_create(ngx_pool_t *p, ngx_uint
void
ngx_array_destroy(ngx_array_t *a)
{
- ngx_pool_t *p;
+ ngx_pool_t *p;
+ ngx_array_link_t *link;
p = a->pool;
- if ((u_char *) a->elts + a->size * a->nalloc == p->d.last) {
- p->d.last -= a->size * a->nalloc;
+ if (a->elts) {
+ ngx_pfree(p, a->elts);
}
- if ((u_char *) a + sizeof(ngx_array_t) == p->d.last) {
- p->d.last = (u_char *) a;
+ for (link = a->old_elts; link; link = link->next) {
+ ngx_pfree(p, link->elts);
}
+
+ ngx_pfree(p, a);
}
void *
ngx_array_push(ngx_array_t *a)
{
- void *elt, *new;
- size_t size;
- ngx_pool_t *p;
+ void *elt, *new;
+ size_t size;
+ ngx_pool_t *p;
+ ngx_array_link_t *link;
if (a->nelts == a->nalloc) {
@@ -59,29 +63,27 @@ ngx_array_push(ngx_array_t *a)
p = a->pool;
- if ((u_char *) a->elts + size == p->d.last
- && p->d.last + a->size <= p->d.end)
- {
- /*
- * the array allocation is the last in the pool
- * and there is space for new allocation
- */
-
- p->d.last += a->size;
- a->nalloc++;
+ /* allocate a new array */
- } else {
- /* allocate a new array */
+ new = ngx_palloc(p, 2 * size);
+ if (new == NULL) {
+ return NULL;
+ }
- new = ngx_palloc(p, 2 * size);
- if (new == NULL) {
- return NULL;
- }
+ ngx_memcpy(new, a->elts, size);
- ngx_memcpy(new, a->elts, size);
- a->elts = new;
- a->nalloc *= 2;
+ link = ngx_palloc(p, sizeof(ngx_array_link_t));
+ if (link == NULL) {
+ ngx_pfree(p, new);
+ return NULL;
}
+
+ link->next = a->old_elts;
+ link->elts = a->elts;
+ a->old_elts = link;
+
+ a->elts = new;
+ a->nalloc *= 2;
}
elt = (u_char *) a->elts + a->size * a->nelts;
@@ -95,11 +97,10 @@ void *
ngx_array_push_n(ngx_array_t *a, ngx_uint_t n)
{
void *elt, *new;
- size_t size;
ngx_uint_t nalloc;
ngx_pool_t *p;
- size = n * a->size;
+ ngx_array_link_t *link;
if (a->nelts + n > a->nalloc) {
@@ -107,31 +108,27 @@ ngx_array_push_n(ngx_array_t *a, ngx_uin
p = a->pool;
- if ((u_char *) a->elts + a->size * a->nalloc == p->d.last
- && p->d.last + size <= p->d.end)
- {
- /*
- * the array allocation is the last in the pool
- * and there is space for new allocation
- */
+ nalloc = 2 * ((n >= a->nalloc) ? n : a->nalloc);
- p->d.last += size;
- a->nalloc += n;
+ new = ngx_palloc(p, nalloc * a->size);
+ if (new == NULL) {
+ return NULL;
+ }
- } else {
- /* allocate a new array */
+ ngx_memcpy(new, a->elts, a->nelts * a->size);
- nalloc = 2 * ((n >= a->nalloc) ? n : a->nalloc);
+ link = ngx_palloc(p, sizeof(ngx_array_link_t));
+ if (link == NULL) {
+ ngx_pfree(p, new);
+ return NULL;
+ }
- new = ngx_palloc(p, nalloc * a->size);
- if (new == NULL) {
- return NULL;
- }
+ link->next = a->old_elts;
+ link->elts = a->elts;
+ a->old_elts = link;
- ngx_memcpy(new, a->elts, a->nelts * a->size);
- a->elts = new;
- a->nalloc = nalloc;
- }
+ a->elts = new;
+ a->nalloc = nalloc;
}
elt = (u_char *) a->elts + a->size * a->nelts;
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.13.8/src/core/ngx_array.h nginx-1.13.8-patched/src/core/ngx_array.h
--- nginx-1.13.8/src/core/ngx_array.h 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.13.8-patched/src/core/ngx_array.h 2016-04-21 16:25:07.453947190 -0700
@@ -13,12 +13,23 @@
#include <ngx_core.h>
+typedef struct ngx_array_link_s ngx_array_link_t;
+
+
+struct ngx_array_link_s {
+ void *elts;
+ ngx_array_link_t *next;
+};
+
+
typedef struct {
void *elts;
ngx_uint_t nelts;
size_t size;
ngx_uint_t nalloc;
ngx_pool_t *pool;
+
+ ngx_array_link_t *old_elts;
} ngx_array_t;
@@ -40,6 +51,7 @@ ngx_array_init(ngx_array_t *array, ngx_p
array->size = size;
array->nalloc = n;
array->pool = pool;
+ array->old_elts = NULL;
array->elts = ngx_palloc(pool, n * size);
if (array->elts == NULL) {
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.13.8/src/core/ngx_palloc.c nginx-1.13.8-patched/src/core/ngx_palloc.c
--- nginx-1.13.8/src/core/ngx_palloc.c 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.13.8-patched/src/core/ngx_palloc.c 2016-04-21 16:25:45.912282685 -0700
@@ -9,34 +9,26 @@
#include <ngx_core.h>
-static ngx_inline void *ngx_palloc_small(ngx_pool_t *pool, size_t size,
- ngx_uint_t align);
-static void *ngx_palloc_block(ngx_pool_t *pool, size_t size);
-static void *ngx_palloc_large(ngx_pool_t *pool, size_t size);
+static void * ngx_malloc(ngx_pool_t *pool, size_t size);
ngx_pool_t *
ngx_create_pool(size_t size, ngx_log_t *log)
{
- ngx_pool_t *p;
+ ngx_pool_t *p;
- p = ngx_memalign(NGX_POOL_ALIGNMENT, size, log);
+ size = sizeof(ngx_pool_t);
+ p = ngx_alloc(size, log);
if (p == NULL) {
return NULL;
}
- p->d.last = (u_char *) p + sizeof(ngx_pool_t);
- p->d.end = (u_char *) p + size;
- p->d.next = NULL;
- p->d.failed = 0;
+ ngx_memzero(p, size);
size = size - sizeof(ngx_pool_t);
p->max = (size < NGX_MAX_ALLOC_FROM_POOL) ? size : NGX_MAX_ALLOC_FROM_POOL;
p->current = p;
- p->chain = NULL;
- p->large = NULL;
- p->cleanup = NULL;
p->log = log;
return p;
@@ -46,8 +38,7 @@ ngx_create_pool(size_t size, ngx_log_t *
void
ngx_destroy_pool(ngx_pool_t *pool)
{
- ngx_pool_t *p, *n;
- ngx_pool_large_t *l;
+ ngx_pool_data_t *d, *n;
ngx_pool_cleanup_t *c;
for (c = pool->cleanup; c; c = c->next) {
@@ -58,6 +49,11 @@ ngx_destroy_pool(ngx_pool_t *pool)
}
}
+ if (pool->d == NULL) {
+ ngx_free(pool);
+ return;
+ }
+
#if (NGX_DEBUG)
/*
@@ -65,13 +61,9 @@ ngx_destroy_pool(ngx_pool_t *pool)
* so we cannot use this log while free()ing the pool
*/
- for (l = pool->large; l; l = l->next) {
- ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, pool->log, 0, "free: %p", l->alloc);
- }
-
- for (p = pool, n = pool->d.next; /* void */; p = n, n = n->d.next) {
+ for (d = pool->d, n = d->next; ; d = n, n = n->next) {
ngx_log_debug2(NGX_LOG_DEBUG_ALLOC, pool->log, 0,
- "free: %p, unused: %uz", p, p->d.end - p->d.last);
+ "free: %p, unused: %d", d, 0);
if (n == NULL) {
break;
@@ -80,171 +72,82 @@ ngx_destroy_pool(ngx_pool_t *pool)
#endif
- for (l = pool->large; l; l = l->next) {
- if (l->alloc) {
- ngx_free(l->alloc);
- }
- }
-
- for (p = pool, n = pool->d.next; /* void */; p = n, n = n->d.next) {
- ngx_free(p);
+ for (d = pool->d, n = d->next; ; d = n, n = n->next) {
+ ngx_free(d->alloc);
+ ngx_free(d);
if (n == NULL) {
break;
}
}
+
+ pool->d = NULL;
+ ngx_free(pool);
}
void
ngx_reset_pool(ngx_pool_t *pool)
{
- ngx_pool_t *p;
- ngx_pool_large_t *l;
+ ngx_pool_data_t *d, *n;
+ ngx_pool_data_t *saved = NULL;
- for (l = pool->large; l; l = l->next) {
- if (l->alloc) {
- ngx_free(l->alloc);
+ if (pool->d) {
+ for (d = pool->d, n = d->next; ; d = n, n = n->next) {
+ if (d->alloc == pool->log) {
+ saved = d;
+ continue;
+ }
+
+ ngx_free(d->alloc);
+ ngx_free(d);
+
+ if (n == NULL) {
+ break;
+ }
}
- }
- for (p = pool; p; p = p->d.next) {
- p->d.last = (u_char *) p + sizeof(ngx_pool_t);
- p->d.failed = 0;
+ pool->d = saved;
+ pool->current = pool;
+ pool->chain = NULL;
}
-
- pool->current = pool;
- pool->chain = NULL;
- pool->large = NULL;
}
void *
ngx_palloc(ngx_pool_t *pool, size_t size)
{
-#if !(NGX_DEBUG_PALLOC)
- if (size <= pool->max) {
- return ngx_palloc_small(pool, size, 1);
- }
-#endif
-
- return ngx_palloc_large(pool, size);
+ return ngx_malloc(pool, size);
}
void *
ngx_pnalloc(ngx_pool_t *pool, size_t size)
{
-#if !(NGX_DEBUG_PALLOC)
- if (size <= pool->max) {
- return ngx_palloc_small(pool, size, 0);
- }
-#endif
-
- return ngx_palloc_large(pool, size);
-}
-
-
-static ngx_inline void *
-ngx_palloc_small(ngx_pool_t *pool, size_t size, ngx_uint_t align)
-{
- u_char *m;
- ngx_pool_t *p;
-
- p = pool->current;
-
- do {
- m = p->d.last;
-
- if (align) {
- m = ngx_align_ptr(m, NGX_ALIGNMENT);
- }
-
- if ((size_t) (p->d.end - m) >= size) {
- p->d.last = m + size;
-
- return m;
- }
-
- p = p->d.next;
-
- } while (p);
-
- return ngx_palloc_block(pool, size);
-}
-
-
-static void *
-ngx_palloc_block(ngx_pool_t *pool, size_t size)
-{
- u_char *m;
- size_t psize;
- ngx_pool_t *p, *new;
-
- psize = (size_t) (pool->d.end - (u_char *) pool);
-
- m = ngx_memalign(NGX_POOL_ALIGNMENT, psize, pool->log);
- if (m == NULL) {
- return NULL;
- }
-
- new = (ngx_pool_t *) m;
-
- new->d.end = m + psize;
- new->d.next = NULL;
- new->d.failed = 0;
-
- m += sizeof(ngx_pool_data_t);
- m = ngx_align_ptr(m, NGX_ALIGNMENT);
- new->d.last = m + size;
-
- for (p = pool->current; p->d.next; p = p->d.next) {
- if (p->d.failed++ > 4) {
- pool->current = p->d.next;
- }
- }
-
- p->d.next = new;
-
- return m;
+ return ngx_malloc(pool, size);
}
static void *
-ngx_palloc_large(ngx_pool_t *pool, size_t size)
+ngx_malloc(ngx_pool_t *pool, size_t size)
{
- void *p;
- ngx_uint_t n;
- ngx_pool_large_t *large;
+ void *p;
+ ngx_pool_data_t *d;
p = ngx_alloc(size, pool->log);
if (p == NULL) {
return NULL;
}
- n = 0;
-
- for (large = pool->large; large; large = large->next) {
- if (large->alloc == NULL) {
- large->alloc = p;
- return p;
- }
-
- if (n++ > 3) {
- break;
- }
- }
-
- large = ngx_palloc_small(pool, sizeof(ngx_pool_large_t), 1);
- if (large == NULL) {
+ d = ngx_alloc(sizeof(ngx_pool_data_t), pool->log);
+ if (d == NULL){
ngx_free(p);
return NULL;
}
- large->alloc = p;
- large->next = pool->large;
- pool->large = large;
-
+ d->alloc = p;
+ d->next = pool->d;
+ pool->d = d;
return p;
}
@@ -253,38 +156,48 @@ void *
ngx_pmemalign(ngx_pool_t *pool, size_t size, size_t alignment)
{
void *p;
- ngx_pool_large_t *large;
+ ngx_pool_data_t *d;
p = ngx_memalign(alignment, size, pool->log);
if (p == NULL) {
return NULL;
}
- large = ngx_palloc_small(pool, sizeof(ngx_pool_large_t), 1);
- if (large == NULL) {
+ d = ngx_alloc(sizeof(ngx_pool_data_t), pool->log);
+ if (d == NULL){
ngx_free(p);
return NULL;
}
- large->alloc = p;
- large->next = pool->large;
- pool->large = large;
-
+ d->alloc = p;
+ d->next = pool->d;
+ pool->d = d;
return p;
}
ngx_int_t
-ngx_pfree(ngx_pool_t *pool, void *p)
+ngx_pfree(ngx_pool_t *pool, void *data)
{
- ngx_pool_large_t *l;
+ ngx_pool_data_t *p, *d;
- for (l = pool->large; l; l = l->next) {
- if (p == l->alloc) {
- ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, pool->log, 0,
- "free: %p", l->alloc);
- ngx_free(l->alloc);
- l->alloc = NULL;
+ p = NULL;
+ for (d = pool->d; d; p = d, d = d->next) {
+ if (data == d->alloc) {
+
+ ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, pool->log, 0, "free: %p", d->alloc);
+
+ ngx_free(d->alloc);
+ d->alloc = NULL;
+
+ if (p) {
+ p->next = d->next;
+
+ } else {
+ pool->d = d->next;
+ }
+
+ ngx_free(d);
return NGX_OK;
}
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.13.8/src/core/ngx_palloc.h nginx-1.13.8-patched/src/core/ngx_palloc.h
--- nginx-1.13.8/src/core/ngx_palloc.h 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.13.8-patched/src/core/ngx_palloc.h 2016-04-21 16:25:07.454949755 -0700
@@ -38,28 +38,21 @@ struct ngx_pool_cleanup_s {
};
-typedef struct ngx_pool_large_s ngx_pool_large_t;
-
-struct ngx_pool_large_s {
- ngx_pool_large_t *next;
- void *alloc;
-};
+typedef struct ngx_pool_data_s ngx_pool_large_t;
+typedef struct ngx_pool_data_s ngx_pool_data_t;
-typedef struct {
- u_char *last;
- u_char *end;
- ngx_pool_t *next;
- ngx_uint_t failed;
-} ngx_pool_data_t;
+struct ngx_pool_data_s {
+ ngx_pool_data_t *next;
+ void *alloc;
+};
struct ngx_pool_s {
- ngx_pool_data_t d;
+ ngx_pool_data_t *d;
size_t max;
ngx_pool_t *current;
ngx_chain_t *chain;
- ngx_pool_large_t *large;
ngx_pool_cleanup_t *cleanup;
ngx_log_t *log;
};

26
patches/nginx-1.13.8-pcre_conf_opt.patch
View File

@ -1,26 +0,0 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1386694955 28800
# Node ID 9ba6b149669f1f02eeb4cdc0ebd364a949b5c469
# Parent 30e806b8636af5fd3f03ec17df24801f390f7511
Configure: added new option --with-pcre-conf-opt=OPTIONS.
diff -r 30e806b8636a -r 9ba6b149669f auto/options
--- a/auto/options Mon Dec 09 10:16:44 2013 +0400
+++ b/auto/options Tue Dec 10 09:02:35 2013 -0800
@@ -286,6 +286,7 @@
--with-pcre) USE_PCRE=YES ;;
--with-pcre=*) PCRE="$value" ;;
--with-pcre-opt=*) PCRE_OPT="$value" ;;
+ --with-pcre-conf-opt=*) PCRE_CONF_OPT="$value" ;;
--with-pcre-jit) PCRE_JIT=YES ;;
--with-openssl=*) OPENSSL="$value" ;;
@@ -441,6 +442,7 @@
--with-pcre force PCRE library usage
--with-pcre=DIR set path to PCRE library sources
--with-pcre-opt=OPTIONS set additional build options for PCRE
+ --with-pcre-conf-opt=OPTIONS set additional configure options for PCRE
--with-pcre-jit build PCRE with JIT compilation support
--with-md5=DIR set path to md5 library sources

211
patches/nginx-1.13.8-privileged_agent_process.patch
View File

@ -1,211 +0,0 @@
diff --git a/src/core/nginx.c b/src/core/nginx.c
index 60f8fe7..4bd244b 100644
--- a/src/core/nginx.c
+++ b/src/core/nginx.c
@@ -981,6 +981,7 @@ ngx_core_module_create_conf(ngx_cycle_t *cycle)
ccf->daemon = NGX_CONF_UNSET;
ccf->master = NGX_CONF_UNSET;
+ ccf->privileged_agent = NGX_CONF_UNSET;
ccf->timer_resolution = NGX_CONF_UNSET_MSEC;
ccf->worker_processes = NGX_CONF_UNSET;
@@ -1009,6 +1010,7 @@ ngx_core_module_init_conf(ngx_cycle_t *cycle, void *conf)
ngx_conf_init_value(ccf->daemon, 1);
ngx_conf_init_value(ccf->master, 1);
+ ngx_conf_init_value(ccf->privileged_agent, 0);
ngx_conf_init_msec_value(ccf->timer_resolution, 0);
ngx_conf_init_value(ccf->worker_processes, 1);
diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h
index c51b7ff..3261f90 100644
--- a/src/core/ngx_cycle.h
+++ b/src/core/ngx_cycle.h
@@ -22,6 +22,9 @@
#define NGX_DEBUG_POINTS_ABORT 2
+#define HAVE_PRIVILEGED_PROCESS_PATCH 1
+
+
typedef struct ngx_shm_zone_s ngx_shm_zone_t;
typedef ngx_int_t (*ngx_shm_zone_init_pt) (ngx_shm_zone_t *zone, void *data);
@@ -81,6 +84,7 @@ struct ngx_cycle_s {
typedef struct {
ngx_flag_t daemon;
ngx_flag_t master;
+ ngx_flag_t privileged_agent;
ngx_msec_t timer_resolution;
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index 7cee1c5..c4f70d6 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -15,6 +15,8 @@ static void ngx_start_worker_processes(ngx_cycle_t *cycle, ngx_int_t n,
ngx_int_t type);
static void ngx_start_cache_manager_processes(ngx_cycle_t *cycle,
ngx_uint_t respawn);
+static void ngx_start_privileged_agent_processes(ngx_cycle_t *cycle,
+ ngx_uint_t respawn);
static void ngx_pass_open_channel(ngx_cycle_t *cycle, ngx_channel_t *ch);
static void ngx_signal_worker_processes(ngx_cycle_t *cycle, int signo);
static ngx_uint_t ngx_reap_children(ngx_cycle_t *cycle);
@@ -24,6 +26,7 @@ static void ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker);
static void ngx_worker_process_exit(ngx_cycle_t *cycle);
static void ngx_channel_handler(ngx_event_t *ev);
static void ngx_cache_manager_process_cycle(ngx_cycle_t *cycle, void *data);
+static void ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data);
static void ngx_cache_manager_process_handler(ngx_event_t *ev);
static void ngx_cache_loader_process_handler(ngx_event_t *ev);
@@ -51,6 +54,8 @@ sig_atomic_t ngx_noaccept;
ngx_uint_t ngx_noaccepting;
ngx_uint_t ngx_restart;
+ngx_uint_t ngx_is_privileged_agent;
+
static u_char master_process[] = "master process";
@@ -130,6 +135,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_RESPAWN);
ngx_start_cache_manager_processes(cycle, 0);
+ ngx_start_privileged_agent_processes(cycle, 0);
ngx_new_binary = 0;
delay = 0;
@@ -224,6 +230,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_RESPAWN);
ngx_start_cache_manager_processes(cycle, 0);
+ ngx_start_privileged_agent_processes(cycle, 0);
ngx_noaccepting = 0;
continue;
@@ -243,6 +250,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_JUST_RESPAWN);
ngx_start_cache_manager_processes(cycle, 1);
+ ngx_start_privileged_agent_processes(cycle, 1);
/* allow new processes to start */
ngx_msleep(100);
@@ -257,6 +265,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_RESPAWN);
ngx_start_cache_manager_processes(cycle, 0);
+ ngx_start_privileged_agent_processes(cycle, 0);
live = 1;
}
@@ -424,6 +433,34 @@ ngx_start_cache_manager_processes(ngx_cycle_t *cycle, ngx_uint_t respawn)
static void
+ngx_start_privileged_agent_processes(ngx_cycle_t *cycle, ngx_uint_t respawn)
+{
+ ngx_channel_t ch;
+ ngx_core_conf_t *ccf;
+
+ ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx,
+ ngx_core_module);
+
+ if (!ccf->privileged_agent) {
+ return;
+ }
+
+ ngx_spawn_process(cycle, ngx_privileged_agent_process_cycle,
+ "privileged agent process", "privileged agent process",
+ respawn ? NGX_PROCESS_JUST_RESPAWN : NGX_PROCESS_RESPAWN);
+
+ ngx_memzero(&ch, sizeof(ngx_channel_t));
+
+ ch.command = NGX_CMD_OPEN_CHANNEL;
+ ch.pid = ngx_processes[ngx_process_slot].pid;
+ ch.slot = ngx_process_slot;
+ ch.fd = ngx_processes[ngx_process_slot].channel[0];
+
+ ngx_pass_open_channel(cycle, &ch);
+}
+
+
+static void
ngx_pass_open_channel(ngx_cycle_t *cycle, ngx_channel_t *ch)
{
ngx_int_t i;
@@ -827,7 +864,10 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker)
}
}
- if (geteuid() == 0) {
+ /*
+ * privileged agent process has the same permission as master process
+ */
+ if (!ngx_is_privileged_agent && geteuid() == 0) {
if (setgid(ccf->group) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"setgid(%d) failed", ccf->group);
@@ -1144,6 +1184,47 @@ ngx_cache_manager_process_cycle(ngx_cycle_t *cycle, void *data)
static void
+ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data)
+{
+ char *name = data;
+
+ /*
+ * Set correct process type since closing listening Unix domain socket
+ * in a master process also removes the Unix domain socket file.
+ */
+ ngx_process = NGX_PROCESS_HELPER;
+ ngx_is_privileged_agent = 1;
+
+ ngx_close_listening_sockets(cycle);
+
+ /* Set a moderate number of connections for a helper process. */
+ cycle->connection_n = 512;
+
+ ngx_worker_process_init(cycle, -1);
+
+ ngx_use_accept_mutex = 0;
+
+ ngx_setproctitle(name);
+
+ for ( ;; ) {
+
+ if (ngx_terminate || ngx_quit) {
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
+ ngx_worker_process_exit(cycle);
+ }
+
+ if (ngx_reopen) {
+ ngx_reopen = 0;
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reopening logs");
+ ngx_reopen_files(cycle, -1);
+ }
+
+ ngx_process_events_and_timers(cycle);
+ }
+}
+
+
+static void
ngx_cache_manager_process_handler(ngx_event_t *ev)
{
time_t next, n;
diff --git a/src/os/unix/ngx_process_cycle.h b/src/os/unix/ngx_process_cycle.h
index 69495d5..5149396 100644
--- a/src/os/unix/ngx_process_cycle.h
+++ b/src/os/unix/ngx_process_cycle.h
@@ -45,6 +45,7 @@ extern ngx_pid_t ngx_new_binary;
extern ngx_uint_t ngx_inherited;
extern ngx_uint_t ngx_daemonized;
extern ngx_uint_t ngx_exiting;
+extern ngx_uint_t ngx_is_privileged_agent;
extern sig_atomic_t ngx_reap;
extern sig_atomic_t ngx_sigio;

19
patches/nginx-1.13.8-proxy_host_port_vars.patch
View File

@ -1,19 +0,0 @@
--- nginx-1.13.8/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800
+++ nginx-1.13.8-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800
@@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach
static ngx_http_variable_t ngx_http_proxy_vars[] = {
{ ngx_string("proxy_host"), NULL, ngx_http_proxy_host_variable, 0,
- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("proxy_port"), NULL, ngx_http_proxy_port_variable, 0,
- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("proxy_add_x_forwarded_for"), NULL,
- ngx_http_proxy_add_x_forwarded_for_variable, 0, NGX_HTTP_VAR_NOHASH, 0 },
+ ngx_http_proxy_add_x_forwarded_for_variable, 0, 0, 0 },
#if 0
{ ngx_string("proxy_add_via"), NULL, NULL, 0, NGX_HTTP_VAR_NOHASH, 0 },

55
patches/nginx-1.13.8-safe_resolver_ipv6_option.patch
View File

@ -1,55 +0,0 @@
# HG changeset patch
# User Thibault Charbonnier <thibaultcha@fastmail.com>
# Date 1481847421 28800
# Thu Dec 15 16:17:01 2016 -0800
# Node ID 8bf038fe006fd8ae253d6b41fc6cf109a8912d3e
# Parent a3dc657f4e9530623683e6b85bd7492662e4dc47
Resolver: ignore ipv6=off resolver option when no ipv6 support
Makes the resolver directive more robust: we only error out when ipv6
resolution is desired but not supported (ipv6=on).
use case 1: some configurations are sometimes re-used between builds with and
without ipv6 support. This patch avoids the need to remove the "ipv6=off" flag.
use case 2: currently, some tools rely on the --with-ipv6 configure option from
"nginx -V" to determine if ipv6 resolution should be disabled in some cases.
With this option disappearing in Nginx 1.11.5, this patch would allow such tools
to assume "ipv6=off" to be safe regardless of ipv6 support in the current
build.
diff -r a3dc657f4e95 -r 8bf038fe006f src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c Thu Dec 15 21:44:34 2016 +0300
+++ b/src/core/ngx_resolver.c Thu Dec 15 16:17:01 2016 -0800
@@ -224,14 +224,22 @@
continue;
}
-#if (NGX_HAVE_INET6)
if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) {
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
+#if (NGX_HAVE_INET6)
r->ipv6 = 1;
+#else
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "no ipv6 support but \"%V\" in resolver",
+ &names[i]);
+ return NULL;
+#endif
} else if (ngx_strcmp(&names[i].data[5], "off") == 0) {
+#if (NGX_HAVE_INET6)
r->ipv6 = 0;
+#endif
} else {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -241,7 +249,6 @@
continue;
}
-#endif
ngx_memzero(&u, sizeof(ngx_url_t));

39
patches/nginx-1.13.8-server_header.patch
View File

@ -1,39 +0,0 @@
diff --git a/src/core/nginx.h b/src/core/nginx.h
index a3c0ef8..1263881 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -11,7 +11,7 @@
#define nginx_version 1013008
#define NGINX_VERSION "1.13.8"
-#define NGINX_VER "nginx/" NGINX_VERSION
+#define NGINX_VER "openresty/" NGINX_VERSION ".unknown"
#ifdef NGX_BUILD
#define NGINX_VER_BUILD NGINX_VER " (" NGX_BUILD ")"
diff --git a/src/http/ngx_http_header_filter_module.c b/src/http/ngx_http_header_filter_module.c
index 9b89405..ca13f2a 100644
--- a/src/http/ngx_http_header_filter_module.c
+++ b/src/http/ngx_http_header_filter_module.c
@@ -46,7 +46,7 @@ ngx_module_t ngx_http_header_filter_module = {
};
-static u_char ngx_http_server_string[] = "Server: nginx" CRLF;
+static u_char ngx_http_server_string[] = "Server: openresty" CRLF;
static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
index 8621e7a..a76c677 100644
--- a/src/http/v2/ngx_http_v2_filter_module.c
+++ b/src/http/v2/ngx_http_v2_filter_module.c
@@ -143,7 +143,7 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
ngx_http_core_srv_conf_t *cscf;
u_char addr[NGX_SOCKADDR_STRLEN];
- static const u_char nginx[5] = "\x84\xaa\x63\x55\xe7";
+ static const u_char nginx[8] = "\x87\x3d\x65\xaa\xc2\xa1\x3e\xbf";
#if (NGX_HTTP_GZIP)
static const u_char accept_encoding[12] =
"\x8b\x84\x84\x2d\x69\x5b\x05\x44\x3c\x86\xaa\x6f";

44
patches/nginx-1.13.8-setting_args_invalidates_uri.patch
View File

@ -1,44 +0,0 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1390506359 28800
# Node ID 17186b98c235c07e94c64e5853689f790f173756
# Parent 4b50d1f299d8a69f3e3f7975132e1490352642fe
Variable: setting $args should invalidate unparsed uri.
diff -r 4b50d1f299d8 -r 17186b98c235 src/http/ngx_http_variables.c
--- a/src/http/ngx_http_variables.c Fri Jan 10 11:22:14 2014 -0800
+++ b/src/http/ngx_http_variables.c Thu Jan 23 11:45:59 2014 -0800
@@ -15,6 +15,8 @@
ngx_http_variable_value_t *v, uintptr_t data);
static void ngx_http_variable_request_set(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
+static void ngx_http_variable_request_args_set(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_variable_request_get_size(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static void ngx_http_variable_request_set_size(ngx_http_request_t *r,
@@ -218,7 +220,7 @@
NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("args"),
- ngx_http_variable_request_set,
+ ngx_http_variable_request_args_set,
ngx_http_variable_request,
offsetof(ngx_http_request_t, args),
NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
@@ -647,6 +649,15 @@
static void
+ngx_http_variable_request_args_set(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data)
+{
+ r->valid_unparsed_uri = 0;
+ ngx_http_variable_request_set(r, v, data);
+}
+
+
+static void
ngx_http_variable_request_set(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{

53
patches/nginx-1.13.8-single_process_graceful_exit.patch
View File

@ -1,53 +0,0 @@
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index 1710ea81..b379da9c 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -304,11 +304,26 @@ ngx_single_process_cycle(ngx_cycle_t *cycle)
}
for ( ;; ) {
+ if (ngx_exiting) {
+ if (ngx_event_no_timers_left() == NGX_OK) {
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
+
+ for (i = 0; cycle->modules[i]; i++) {
+ if (cycle->modules[i]->exit_process) {
+ cycle->modules[i]->exit_process(cycle);
+ }
+ }
+
+ ngx_master_process_exit(cycle);
+ }
+ }
+
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle");
ngx_process_events_and_timers(cycle);
- if (ngx_terminate || ngx_quit) {
+ if (ngx_terminate) {
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
for (i = 0; cycle->modules[i]; i++) {
if (cycle->modules[i]->exit_process) {
@@ -319,6 +334,20 @@ ngx_single_process_cycle(ngx_cycle_t *cycle)
ngx_master_process_exit(cycle);
}
+ if (ngx_quit) {
+ ngx_quit = 0;
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0,
+ "gracefully shutting down");
+ ngx_setproctitle("process is shutting down");
+
+ if (!ngx_exiting) {
+ ngx_exiting = 1;
+ ngx_set_shutdown_timer(cycle);
+ ngx_close_listening_sockets(cycle);
+ ngx_close_idle_connections(cycle);
+ }
+ }
+
if (ngx_reconfigure) {
ngx_reconfigure = 0;
ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reconfiguring");

42
patches/nginx-1.13.8-ssl_cert_cb_yield.patch
View File

@ -1,42 +0,0 @@
# HG changeset patch
# User Yichun Zhang <agentzh@openresty.org>
# Date 1451762084 28800
# Sat Jan 02 11:14:44 2016 -0800
# Node ID 449f0461859c16e95bdb18e8be6b94401545d3dd
# Parent 78b4e10b4367b31367aad3c83c9c3acdd42397c4
SSL: handled SSL_CTX_set_cert_cb() callback yielding.
OpenSSL 1.0.2+ introduces SSL_CTX_set_cert_cb() to allow custom
callbacks to serve the SSL certificiates and private keys dynamically
and lazily. The callbacks may yield for nonblocking I/O or sleeping.
Here we added support for such usage in NGINX 3rd-party modules
(like ngx_lua) in NGINX's event handlers for downstream SSL
connections.
diff -r 78b4e10b4367 -r 449f0461859c src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Dec 17 16:39:15 2015 +0300
+++ b/src/event/ngx_event_openssl.c Sat Jan 02 11:14:44 2016 -0800
@@ -1210,6 +1210,23 @@
return NGX_AGAIN;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) {
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+#endif
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1;

16
patches/nginx-1.13.8-ssl_pending_session.patch
View File

@ -1,16 +0,0 @@
--- nginx-1.13.8/src/event/ngx_event_openssl.c 2016-07-17 19:20:30.411137606 -0700
+++ nginx-1.13.8-patched/src/event/ngx_event_openssl.c 2016-07-19 16:53:35.539768477 -0700
@@ -1307,7 +1307,12 @@ ngx_ssl_handshake(ngx_connection_t *c)
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
- if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) {
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP
+# ifdef SSL_ERROR_PENDING_SESSION
+ || sslerr == SSL_ERROR_PENDING_SESSION
+# endif
+ )
+ {
c->read->handler = ngx_ssl_handshake_handler;
c->write->handler = ngx_ssl_handshake_handler;

53
patches/nginx-1.13.8-stream_balancer_export.patch
View File

@ -1,53 +0,0 @@
diff --git a/src/stream/ngx_stream_upstream_round_robin.c b/src/stream/ngx_stream_upstream_round_robin.c
index 526de3a..b531ce1 100644
--- a/src/stream/ngx_stream_upstream_round_robin.c
+++ b/src/stream/ngx_stream_upstream_round_robin.c
@@ -21,10 +21,6 @@ static void ngx_stream_upstream_notify_round_robin_peer(
#if (NGX_STREAM_SSL)
-static ngx_int_t ngx_stream_upstream_set_round_robin_peer_session(
- ngx_peer_connection_t *pc, void *data);
-static void ngx_stream_upstream_save_round_robin_peer_session(
- ngx_peer_connection_t *pc, void *data);
static ngx_int_t ngx_stream_upstream_empty_set_session(
ngx_peer_connection_t *pc, void *data);
static void ngx_stream_upstream_empty_save_session(ngx_peer_connection_t *pc,
@@ -690,7 +686,7 @@ ngx_stream_upstream_notify_round_robin_peer(ngx_peer_connection_t *pc,
#if (NGX_STREAM_SSL)
-static ngx_int_t
+ngx_int_t
ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
void *data)
{
@@ -756,7 +752,7 @@ ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
}
-static void
+void
ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
void *data)
{
diff --git a/src/stream/ngx_stream_upstream_round_robin.h b/src/stream/ngx_stream_upstream_round_robin.h
index 35d9fce..75f3e31 100644
--- a/src/stream/ngx_stream_upstream_round_robin.h
+++ b/src/stream/ngx_stream_upstream_round_robin.h
@@ -142,5 +142,15 @@ ngx_int_t ngx_stream_upstream_get_round_robin_peer(ngx_peer_connection_t *pc,
void ngx_stream_upstream_free_round_robin_peer(ngx_peer_connection_t *pc,
void *data, ngx_uint_t state);
+#if (NGX_STREAM_SSL)
+ngx_int_t ngx_stream_upstream_set_round_robin_peer_session(
+ ngx_peer_connection_t *pc, void *data);
+void ngx_stream_upstream_save_round_robin_peer_session(
+ ngx_peer_connection_t *pc, void *data);
+#endif
+
+
+#define HAVE_NGX_STREAM_BALANCER_EXPORT_PATCH 1
+
#endif /* _NGX_STREAM_UPSTREAM_ROUND_ROBIN_H_INCLUDED_ */

31
patches/nginx-1.13.8-stream_proxy_get_next_upstream_tries.patch
View File

@ -1,31 +0,0 @@
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 09d2459..de92724 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -303,4 +303,7 @@ typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s,
extern ngx_stream_filter_pt ngx_stream_top_filter;
+#define HAS_NGX_STREAM_PROXY_GET_NEXT_UPSTREAM_TRIES_PATCH 1
+
+
#endif /* _NGX_STREAM_H_INCLUDED_ */
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 0afde1c..3254ce1 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -2156,3 +2156,14 @@ ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_OK;
}
+
+
+ngx_uint_t
+ngx_stream_proxy_get_next_upstream_tries(ngx_stream_session_t *s)
+{
+ ngx_stream_proxy_srv_conf_t *pscf;
+
+ pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
+
+ return pscf->next_upstream_tries;
+}

171
patches/nginx-1.13.8-stream_proxy_timeout_fields.patch
View File

@ -1,171 +0,0 @@
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 09d24593..a4dda5da 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -241,6 +241,15 @@ typedef struct {
} ngx_stream_module_t;
+typedef struct {
+ ngx_msec_t connect_timeout;
+ ngx_msec_t timeout;
+} ngx_stream_proxy_ctx_t;
+
+
+#define NGX_STREAM_HAVE_PROXY_TIMEOUT_FIELDS_PATCH 1
+
+
#define NGX_STREAM_MODULE 0x4d525453 /* "STRM" */
#define NGX_STREAM_MAIN_CONF 0x02000000
@@ -294,6 +303,7 @@ void ngx_stream_finalize_session(ngx_stream_session_t *s, ngx_uint_t rc);
extern ngx_module_t ngx_stream_module;
extern ngx_uint_t ngx_stream_max_module;
extern ngx_module_t ngx_stream_core_module;
+extern ngx_module_t ngx_stream_proxy_module;
typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s,
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 818d7329..32bfd79f 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -359,6 +359,7 @@ ngx_stream_proxy_handler(ngx_stream_session_t *s)
ngx_stream_proxy_srv_conf_t *pscf;
ngx_stream_upstream_srv_conf_t *uscf, **uscfp;
ngx_stream_upstream_main_conf_t *umcf;
+ ngx_stream_proxy_ctx_t *pctx;
c = s->connection;
@@ -367,6 +368,17 @@ ngx_stream_proxy_handler(ngx_stream_session_t *s)
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
"proxy connection handler");
+ pctx = ngx_palloc(c->pool, sizeof(ngx_stream_proxy_ctx_t));
+ if (pctx == NULL) {
+ ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
+ return;
+ }
+
+ pctx->connect_timeout = pscf->connect_timeout;
+ pctx->timeout = pscf->timeout;
+
+ ngx_stream_set_ctx(s, pctx, ngx_stream_proxy_module);
+
u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t));
if (u == NULL) {
ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
@@ -654,6 +666,7 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
ngx_connection_t *c, *pc;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
c = s->connection;
@@ -661,6 +674,8 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
+
u = s->upstream;
u->connected = 0;
@@ -722,7 +737,7 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
pc->read->handler = ngx_stream_proxy_connect_handler;
pc->write->handler = ngx_stream_proxy_connect_handler;
- ngx_add_timer(pc->write, pscf->connect_timeout);
+ ngx_add_timer(pc->write, ctx->connect_timeout);
}
@@ -900,8 +915,10 @@ ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s)
ssize_t n, size;
ngx_connection_t *c, *pc;
ngx_stream_upstream_t *u;
- ngx_stream_proxy_srv_conf_t *pscf;
u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER];
+ ngx_stream_proxy_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
c = s->connection;
@@ -928,9 +945,7 @@ ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s)
return NGX_ERROR;
}
- pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
-
- ngx_add_timer(pc->write, pscf->timeout);
+ ngx_add_timer(pc->write, ctx->timeout);
pc->write->handler = ngx_stream_proxy_connect_handler;
@@ -994,6 +1009,9 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
ngx_connection_t *pc;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
u = s->upstream;
@@ -1029,7 +1047,7 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
if (rc == NGX_AGAIN) {
if (!pc->write->timer_set) {
- ngx_add_timer(pc->write, pscf->connect_timeout);
+ ngx_add_timer(pc->write, ctx->connect_timeout);
}
pc->ssl->handler = ngx_stream_proxy_ssl_handshake;
@@ -1285,6 +1303,7 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
ngx_stream_session_t *s;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
c = ev->data;
s = c->data;
@@ -1296,6 +1315,8 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
return;
}
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
+
c = s->connection;
pc = u->peer.connection;
@@ -1315,7 +1336,7 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
}
if (u->connected && !c->read->delayed && !pc->read->delayed) {
- ngx_add_timer(c->write, pscf->timeout);
+ ngx_add_timer(c->write, ctx->timeout);
}
return;
@@ -1461,6 +1482,9 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
ngx_log_handler_pt handler;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
u = s->upstream;
@@ -1652,7 +1676,7 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
}
if (!c->read->delayed && !pc->read->delayed) {
- ngx_add_timer(c->write, pscf->timeout);
+ ngx_add_timer(c->write, ctx->timeout);
} else if (c->write->timer_set) {
ngx_del_timer(c->write);

13
patches/nginx-1.13.8-stream_ssl_preread_no_skip.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
index e3d11fd9..3717b5fe 100644
--- a/src/stream/ngx_stream_ssl_preread_module.c
+++ b/src/stream/ngx_stream_ssl_preread_module.c
@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len);
if (rc != NGX_AGAIN) {
- return rc;
+ return rc == NGX_OK ? NGX_DECLINED : rc;
}
p += len;

23
patches/nginx-1.13.8-upstream_pipelining.patch
View File

@ -1,23 +0,0 @@
commit f9907b72a76a21ac5413187b83177a919475c75f
Author: Yichun Zhang (agentzh) <agentzh@gmail.com>
Date: Wed Feb 10 16:05:08 2016 -0800
bugfix: upstream: keep sending request data after the first write attempt.
See
http://mailman.nginx.org/pipermail/nginx-devel/2012-March/002040.html
for more details on the issue.
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index dbaa956..a25aaa2 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -2003,7 +2003,7 @@ ngx_http_upstream_send_request_handler(ngx_http_request_t *r,
#endif
- if (u->header_sent) {
+ if (u->request_body_sent) {
u->write_event_handler = ngx_http_upstream_dummy_handler;
(void) ngx_handle_write_event(c->write, 0);

121
patches/nginx-1.13.8-upstream_timeout_fields.patch
View File

@ -1,121 +0,0 @@
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index c394b291..e10df0ab 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -502,12 +502,19 @@ void
ngx_http_upstream_init(ngx_http_request_t *r)
{
ngx_connection_t *c;
+ ngx_http_upstream_t *u;
c = r->connection;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
"http init upstream, client timer: %d", c->read->timer_set);
+ u = r->upstream;
+
+ u->connect_timeout = u->conf->connect_timeout;
+ u->send_timeout = u->conf->send_timeout;
+ u->read_timeout = u->conf->read_timeout;
+
#if (NGX_HTTP_V2)
if (r->stream) {
ngx_http_upstream_init_request(r);
@@ -1590,7 +1597,7 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
u->request_body_sent = 0;
if (rc == NGX_AGAIN) {
- ngx_add_timer(c->write, u->conf->connect_timeout);
+ ngx_add_timer(c->write, u->connect_timeout);
return;
}
@@ -1666,7 +1673,7 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
if (rc == NGX_AGAIN) {
if (!c->write->timer_set) {
- ngx_add_timer(c->write, u->conf->connect_timeout);
+ ngx_add_timer(c->write, u->connect_timeout);
}
c->ssl->handler = ngx_http_upstream_ssl_handshake_handler;
@@ -1960,7 +1967,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u,
if (rc == NGX_AGAIN) {
if (!c->write->ready) {
- ngx_add_timer(c->write, u->conf->send_timeout);
+ ngx_add_timer(c->write, u->send_timeout);
} else if (c->write->timer_set) {
ngx_del_timer(c->write);
@@ -2003,7 +2010,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u,
return;
}
- ngx_add_timer(c->read, u->conf->read_timeout);
+ ngx_add_timer(c->read, u->read_timeout);
if (c->read->ready) {
ngx_http_upstream_process_header(r, u);
@@ -2800,7 +2807,7 @@ ngx_http_upstream_process_body_in_memory(ngx_http_request_t *r,
}
if (rev->active) {
- ngx_add_timer(rev, u->conf->read_timeout);
+ ngx_add_timer(rev, u->read_timeout);
} else if (rev->timer_set) {
ngx_del_timer(rev);
@@ -3129,7 +3136,7 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u)
p->cyclic_temp_file = 0;
}
- p->read_timeout = u->conf->read_timeout;
+ p->read_timeout = u->read_timeout;
p->send_timeout = clcf->send_timeout;
p->send_lowat = clcf->send_lowat;
@@ -3367,7 +3374,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r,
}
if (upstream->write->active && !upstream->write->ready) {
- ngx_add_timer(upstream->write, u->conf->send_timeout);
+ ngx_add_timer(upstream->write, u->send_timeout);
} else if (upstream->write->timer_set) {
ngx_del_timer(upstream->write);
@@ -3379,7 +3386,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r,
}
if (upstream->read->active && !upstream->read->ready) {
- ngx_add_timer(upstream->read, u->conf->read_timeout);
+ ngx_add_timer(upstream->read, u->read_timeout);
} else if (upstream->read->timer_set) {
ngx_del_timer(upstream->read);
@@ -3573,7 +3580,7 @@ ngx_http_upstream_process_non_buffered_request(ngx_http_request_t *r,
}
if (upstream->read->active && !upstream->read->ready) {
- ngx_add_timer(upstream->read, u->conf->read_timeout);
+ ngx_add_timer(upstream->read, u->read_timeout);
} else if (upstream->read->timer_set) {
ngx_del_timer(upstream->read);
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index c552ac0c..40b69d0a 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -329,6 +329,11 @@ struct ngx_http_upstream_s {
ngx_array_t *caches;
#endif
+#define HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS 1
+ ngx_msec_t connect_timeout;
+ ngx_msec_t send_timeout;
+ ngx_msec_t read_timeout;
+
ngx_http_upstream_headers_in_t headers_in;
ngx_http_upstream_resolved_t *resolved;

216
patches/openssl-1.1.0c-sess_set_get_cb_yield.patch Normal file
View File

@ -0,0 +1,216 @@
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 9bc941b25f..4f55f1f825 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -220,6 +220,8 @@ void BIO_clear_flags(BIO *b, int flags);
/* Returned from the accept BIO when an accept would have blocked */
# define BIO_RR_ACCEPT 0x03
+# define BIO_RR_SSL_SESSION_LOOKUP 0x04
+
/* These are passed by the BIO callback */
# define BIO_CB_FREE 0x01
# define BIO_CB_READ 0x02
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 86ab9125de..ab617c4055 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -788,6 +788,7 @@ __owur int SSL_extension_supported(unsigned int ext_type);
# define SSL_X509_LOOKUP 4
# define SSL_ASYNC_PAUSED 5
# define SSL_ASYNC_NO_JOBS 6
+# define SSL_SESS_LOOKUP 7
/* These will only be used when doing non-blocking IO */
# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
@@ -796,6 +797,7 @@ __owur int SSL_extension_supported(unsigned int ext_type);
# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED)
# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_sess_lookup(s) (SSL_want(s) == SSL_SESS_LOOKUP)
# define SSL_MAC_FLAG_READ_MAC_STREAM 1
# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
@@ -1028,6 +1030,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_ERROR_WANT_ACCEPT 8
# define SSL_ERROR_WANT_ASYNC 9
# define SSL_ERROR_WANT_ASYNC_JOB 10
+# define SSL_ERROR_WANT_SESSION_LOOKUP 11
+# define SSL_ERROR_PENDING_SESSION 11 /* BoringSSL compatibility */
# define SSL_CTRL_SET_TMP_DH 3
# define SSL_CTRL_SET_TMP_ECDH 4
# define SSL_CTRL_SET_TMP_DH_CB 6
@@ -1424,6 +1428,7 @@ int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
int SSL_SESSION_up_ref(SSL_SESSION *ses);
void SSL_SESSION_free(SSL_SESSION *ses);
+SSL_SESSION *SSL_magic_pending_session_ptr(void);
__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 3dd09cf52d..7ac370fefc 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -138,6 +138,10 @@ static int ssl_read(BIO *b, char *out, int outl)
BIO_set_retry_special(b);
retry_reason = BIO_RR_SSL_X509_LOOKUP;
break;
+ case SSL_ERROR_WANT_SESSION_LOOKUP:
+ BIO_set_retry_special(b);
+ retry_reason = BIO_RR_SSL_SESSION_LOOKUP;
+ break;
case SSL_ERROR_WANT_ACCEPT:
BIO_set_retry_special(b);
retry_reason = BIO_RR_ACCEPT;
@@ -210,6 +214,10 @@ static int ssl_write(BIO *b, const char *out, int outl)
BIO_set_retry_special(b);
retry_reason = BIO_RR_SSL_X509_LOOKUP;
break;
+ case SSL_ERROR_WANT_SESSION_LOOKUP:
+ BIO_set_retry_special(b);
+ retry_reason = BIO_RR_SSL_SESSION_LOOKUP;
+ break;
case SSL_ERROR_WANT_CONNECT:
BIO_set_retry_special(b);
retry_reason = BIO_RR_CONNECT;
@@ -363,6 +371,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_set_retry_special(b);
BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
break;
+ case SSL_ERROR_WANT_SESSION_LOOKUP:
+ BIO_set_retry_special(b);
+ BIO_set_retry_reason(b, BIO_RR_SSL_SESSION_LOOKUP);
+ break;
default:
break;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index bd0fbf8101..fc65b168f0 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2982,6 +2982,9 @@ int SSL_get_error(const SSL *s, int i)
if (SSL_want_async_job(s)) {
return SSL_ERROR_WANT_ASYNC_JOB;
}
+ if (SSL_want_sess_lookup(s)) {
+ return SSL_ERROR_WANT_SESSION_LOOKUP;
+ }
}
if (i == 0) {
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index eee1ca1f5b..bffd87335d 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -40,6 +40,8 @@
#include <openssl/engine.h>
#include "ssl_locl.h"
+static const char g_pending_session_magic = 0;
+
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
@@ -502,6 +504,10 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
PACKET_remaining(session_id),
&copy);
+ if (ret == SSL_magic_pending_session_ptr()) {
+ return -2; /* Retry later */
+ }
+
if (ret != NULL) {
s->session_ctx->stats.sess_cb_hit++;
@@ -877,6 +883,11 @@ X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
return s->peer;
}
+SSL_SESSION *SSL_magic_pending_session_ptr(void)
+{
+ return (SSL_SESSION *) &g_pending_session_magic;
+}
+
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index caaf0687b5..baadc1154d 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -581,16 +581,18 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
}
s->first_packet = 0;
- if (!PACKET_buf_init(&pkt, s->init_msg, len)) {
+
+ st->read_state = READ_STATE_PROCESS;
+ /* Fall through */
+
+ case READ_STATE_PROCESS:
+ if (!PACKET_buf_init(&pkt, s->init_msg, s->init_num)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
SSLerr(SSL_F_READ_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
return SUB_STATE_ERROR;
}
ret = process_message(s, &pkt);
- /* Discard the packet data */
- s->init_num = 0;
-
switch (ret) {
case MSG_PROCESS_ERROR:
return SUB_STATE_ERROR;
@@ -610,6 +612,9 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
st->read_state = READ_STATE_HEADER;
break;
}
+
+ /* Discard the packet data */
+ s->init_num = 0;
break;
case READ_STATE_POST_PROCESS:
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index 2fca39b0db..b106f4d069 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -60,6 +60,7 @@ typedef enum {
typedef enum {
READ_STATE_HEADER,
READ_STATE_BODY,
+ READ_STATE_PROCESS,
READ_STATE_POST_PROCESS
} READ_STATE;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 9327654ce5..f05d0c3dce 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1165,11 +1165,16 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
s->hit = 1;
} else if (i == -1) {
goto err;
+ } else if (i == -2) {
+ s->rwstate = SSL_SESS_LOOKUP;
+ s->statem.read_state_work = WORK_MORE_A;
+ return MSG_PROCESS_ERROR;
} else {
/* i == 0 */
if (!ssl_get_new_session(s, 1))
goto err;
}
+ s->rwstate = SSL_NOTHING;
}
if (ssl_bytes_to_cipher_list(s, &cipher_suites, &(ciphers),
diff --git a/util/libssl.num b/util/libssl.num
index 200629f74b..e580efd2d2 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -403,3 +403,4 @@ SSL_dane_clear_flags 403 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_cipher 404 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION:
SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION:
+SSL_magic_pending_session_ptr 407 1_1_0 EXIST::FUNCTION:

218
patches/openssl-1.1.0d-sess_set_get_cb_yield.patch Normal file
View File

@ -0,0 +1,218 @@
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 9bc941b25f..4f55f1f825 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -220,6 +220,8 @@ void BIO_clear_flags(BIO *b, int flags);
/* Returned from the accept BIO when an accept would have blocked */
# define BIO_RR_ACCEPT 0x03
+# define BIO_RR_SSL_SESSION_LOOKUP 0x04
+
/* These are passed by the BIO callback */
# define BIO_CB_FREE 0x01
# define BIO_CB_READ 0x02
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8d75d53eca..55b896bf79 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -791,6 +791,7 @@ __owur int SSL_extension_supported(unsigned int ext_type);
# define SSL_X509_LOOKUP 4
# define SSL_ASYNC_PAUSED 5
# define SSL_ASYNC_NO_JOBS 6
+# define SSL_SESS_LOOKUP 7
/* These will only be used when doing non-blocking IO */
# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
@@ -799,6 +800,7 @@ __owur int SSL_extension_supported(unsigned int ext_type);
# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED)
# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_sess_lookup(s) (SSL_want(s) == SSL_SESS_LOOKUP)
# define SSL_MAC_FLAG_READ_MAC_STREAM 1
# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
@@ -1031,6 +1033,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_ERROR_WANT_ACCEPT 8
# define SSL_ERROR_WANT_ASYNC 9
# define SSL_ERROR_WANT_ASYNC_JOB 10
+# define SSL_ERROR_WANT_SESSION_LOOKUP 11
+# define SSL_ERROR_PENDING_SESSION 11 /* BoringSSL compatibility */
# define SSL_CTRL_SET_TMP_DH 3
# define SSL_CTRL_SET_TMP_ECDH 4
# define SSL_CTRL_SET_TMP_DH_CB 6
@@ -1426,6 +1430,7 @@ int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
int SSL_SESSION_up_ref(SSL_SESSION *ses);
void SSL_SESSION_free(SSL_SESSION *ses);
+SSL_SESSION *SSL_magic_pending_session_ptr(void);
__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 3dd09cf52d..7ac370fefc 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -138,6 +138,10 @@ static int ssl_read(BIO *b, char *out, int outl)
BIO_set_retry_special(b);
retry_reason = BIO_RR_SSL_X509_LOOKUP;
break;
+ case SSL_ERROR_WANT_SESSION_LOOKUP:
+ BIO_set_retry_special(b);
+ retry_reason = BIO_RR_SSL_SESSION_LOOKUP;
+ break;
case SSL_ERROR_WANT_ACCEPT:
BIO_set_retry_special(b);
retry_reason = BIO_RR_ACCEPT;
@@ -210,6 +214,10 @@ static int ssl_write(BIO *b, const char *out, int outl)
BIO_set_retry_special(b);
retry_reason = BIO_RR_SSL_X509_LOOKUP;
break;
+ case SSL_ERROR_WANT_SESSION_LOOKUP:
+ BIO_set_retry_special(b);
+ retry_reason = BIO_RR_SSL_SESSION_LOOKUP;
+ break;
case SSL_ERROR_WANT_CONNECT:
BIO_set_retry_special(b);
retry_reason = BIO_RR_CONNECT;
@@ -363,6 +371,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_set_retry_special(b);
BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
break;
+ case SSL_ERROR_WANT_SESSION_LOOKUP:
+ BIO_set_retry_special(b);
+ BIO_set_retry_reason(b, BIO_RR_SSL_SESSION_LOOKUP);
+ break;
default:
break;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 002b2e5847..373484e16b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2982,6 +2982,9 @@ int SSL_get_error(const SSL *s, int i)
if (SSL_want_async_job(s)) {
return SSL_ERROR_WANT_ASYNC_JOB;
}
+ if (SSL_want_sess_lookup(s)) {
+ return SSL_ERROR_WANT_SESSION_LOOKUP;
+ }
}
if (i == 0) {
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 43cb1d371b..99c5e4990f 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -40,6 +40,8 @@
#include <openssl/engine.h>
#include "ssl_locl.h"
+static const char g_pending_session_magic = 0;
+
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
@@ -502,6 +504,10 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
PACKET_remaining(session_id),
&copy);
+ if (ret == SSL_magic_pending_session_ptr()) {
+ return -2; /* Retry later */
+ }
+
if (ret != NULL) {
s->session_ctx->stats.sess_cb_hit++;
@@ -886,6 +892,11 @@ X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
return s->peer;
}
+SSL_SESSION *SSL_magic_pending_session_ptr(void)
+{
+ return (SSL_SESSION *) &g_pending_session_magic;
+}
+
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 512f1e0941..52a335bee9 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -583,16 +583,18 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
}
s->first_packet = 0;
- if (!PACKET_buf_init(&pkt, s->init_msg, len)) {
+
+ st->read_state = READ_STATE_PROCESS;
+ /* Fall through */
+
+ case READ_STATE_PROCESS:
+ if (!PACKET_buf_init(&pkt, s->init_msg, s->init_num)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
SSLerr(SSL_F_READ_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
return SUB_STATE_ERROR;
}
ret = process_message(s, &pkt);
- /* Discard the packet data */
- s->init_num = 0;
-
switch (ret) {
case MSG_PROCESS_ERROR:
return SUB_STATE_ERROR;
@@ -612,6 +614,9 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
st->read_state = READ_STATE_HEADER;
break;
}
+
+ /* Discard the packet data */
+ s->init_num = 0;
break;
case READ_STATE_POST_PROCESS:
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index 2fca39b0db..b106f4d069 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -60,6 +60,7 @@ typedef enum {
typedef enum {
READ_STATE_HEADER,
READ_STATE_BODY,
+ READ_STATE_PROCESS,
READ_STATE_POST_PROCESS
} READ_STATE;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index d36d194b0a..bcf0635172 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1165,11 +1165,16 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
s->hit = 1;
} else if (i == -1) {
goto err;
+ } else if (i == -2) {
+ s->rwstate = SSL_SESS_LOOKUP;
+ s->statem.read_state_work = WORK_MORE_A;
+ return MSG_PROCESS_ERROR;
} else {
/* i == 0 */
if (!ssl_get_new_session(s, 1))
goto err;
}
+ s->rwstate = SSL_NOTHING;
}
if (ssl_bytes_to_cipher_list(s, &cipher_suites, &(ciphers),
diff --git a/util/libssl.num b/util/libssl.num
index 7b9b3c251c..6e9a26133f 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -403,5 +403,6 @@ SSL_dane_clear_flags 403 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_cipher 404 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION:
SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION:
+SSL_magic_pending_session_ptr 407 1_1_0 EXIST::FUNCTION:
SSL_COMP_get_id 412 1_1_0d EXIST::FUNCTION:
SSL_COMP_get0_name 413 1_1_0d EXIST::FUNCTION:

382
t/001-resolver.t Normal file
View File

@ -0,0 +1,382 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua;
#worker_connections(1014);
#master_process_enabled(1);
log_level('debug');
repeat_each(1);
plan tests => repeat_each() * (blocks() * 5);
#no_diff();
no_long_string();
run_tests();
__DATA__
=== TEST 1: use system resolver
--- config
resolver local=on ipv6=off;
resolver_timeout 5s;
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("openresty.org", 80)
if not ok then
ngx.say("failed to connect to openresty.org: ", err)
return
end
ngx.say("successfully connected to openresty.org")
sock:close()
}
}
--- request
GET /t
--- response_body
successfully connected to openresty.org
--- no_error_log
[error]
[crit]
--- error_log
parsed a resolver: "
=== TEST 2: malformed file
--- config
resolver local=../html/resolv.conf ipv6=off;
resolver_timeout 5s;
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("openresty.org", 80)
if not ok then
ngx.say("failed to connect to openresty.org: ", err)
return
end
ngx.say("successfully connected to openresty.org")
sock:close()
}
}
--- user_files eval
">>> resolv.conf
nameser 8.8.8.8"
--- request
GET /t
--- response_body
failed to connect to openresty.org: no resolver defined to resolve "openresty.org"
--- no_error_log
[error]
[crit]
parsed a resolver: "
=== TEST 3: disabled
--- config
resolver local=off ipv6=off;
resolver_timeout 5s;
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("openresty.org", 80)
if not ok then
ngx.say("failed to connect to openresty.org: ", err)
return
end
ngx.say("successfully connected to openresty.org")
sock:close()
}
}
--- user_files eval
">>> resolv.conf
nameser 8.8.8.8"
--- request
GET /t
--- response_body
failed to connect to openresty.org: no resolver defined to resolve "openresty.org"
--- no_error_log
[error]
[crit]
parsed a resolver: "
=== TEST 4: multiple resolvers
--- config
resolver local=../html/resolv.conf ipv6=off;
resolver_timeout 5s;
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("openresty.org", 80)
if not ok then
ngx.say("failed to connect to openresty.org: ", err)
return
end
ngx.say("successfully connected to openresty.org")
sock:close()
}
}
--- user_files eval
">>> resolv.conf
domain example.com
nameserver 8.8.8.8
nameserver 8.8.4.4"
--- request
GET /t
--- response_body
successfully connected to openresty.org
--- no_error_log
[error]
[crit]
--- grep_error_log eval: qr/parsed a resolver: ".+"/
--- grep_error_log_out
parsed a resolver: "8.8.8.8"
parsed a resolver: "8.8.4.4"
=== TEST 5: CRLF
--- config
resolver local=../html/resolv.conf ipv6=off;
resolver_timeout 5s;
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("openresty.org", 80)
if not ok then
ngx.say("failed to connect to openresty.org: ", err)
return
end
ngx.say("successfully connected to openresty.org")
sock:close()
}
}
--- user_files eval
">>> resolv.conf
domain example.com\r\nnameserver 8.8.8.8\r\nnameserver 8.8.4.4"
--- request
GET /t
--- response_body
successfully connected to openresty.org
--- no_error_log
[error]
[crit]
--- grep_error_log eval: qr/parsed a resolver: ".+"/
--- grep_error_log_out
parsed a resolver: "8.8.8.8"
parsed a resolver: "8.8.4.4"
=== TEST 6: CR only, with comments
--- config
resolver local=../html/resolv.conf ipv6=off;
resolver_timeout 5s;
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("openresty.org", 80)
if not ok then
ngx.say("failed to connect to openresty.org: ", err)
return
end
ngx.say("successfully connected to openresty.org")
sock:close()
}
}
--- user_files eval
">>> resolv.conf
#domain example.com\rnameserver 8.8.8.8\rnameserver 8.8.4.4"
--- request
GET /t
--- response_body
successfully connected to openresty.org
--- no_error_log
[error]
[crit]
--- grep_error_log eval: qr/parsed a resolver: ".+"/
--- grep_error_log_out
parsed a resolver: "8.8.8.8"
parsed a resolver: "8.8.4.4"
=== TEST 7: spaces and tabs before and after nameserver
--- config
resolver local=../html/resolv.conf ipv6=off;
resolver_timeout 5s;
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("openresty.org", 80)
if not ok then
ngx.say("failed to connect to openresty.org: ", err)
return
end
ngx.say("successfully connected to openresty.org")
sock:close()
}
}
--- user_files eval
">>> resolv.conf
domain example.com
\t \t \tnameserver \t \t 8.8.8.8
\t \t \tnameserver\t \t8.8.4.4"
--- request
GET /t
--- response_body
successfully connected to openresty.org
--- no_error_log
[error]
[crit]
--- grep_error_log eval: qr/parsed a resolver: ".+"/
--- grep_error_log_out
parsed a resolver: "8.8.8.8"
parsed a resolver: "8.8.4.4"
=== TEST 8: MAXNS is respected (in standard Glibc it is 3)
--- config
resolver local=../html/resolv.conf ipv6=off;
resolver_timeout 5s;
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("openresty.org", 80)
if not ok then
ngx.say("failed to connect to openresty.org: ", err)
return
end
ngx.say("successfully connected to openresty.org")
sock:close()
}
}
--- user_files eval
">>> resolv.conf
domain example.com
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 208.67.222.222
nameserver 208.67.220.220"
--- request
GET /t
--- response_body
successfully connected to openresty.org
--- no_error_log
[error]
[crit]
--- grep_error_log eval: qr/parsed a resolver: ".+"/
--- grep_error_log_out
parsed a resolver: "8.8.8.8"
parsed a resolver: "8.8.4.4"
parsed a resolver: "208.67.222.222"
=== TEST 9: IPv6 is supported
--- config
resolver local=../html/resolv.conf ipv6=off;
resolver_timeout 5s;
location = /t {
content_by_lua_block {
ngx.say("done")
}
}
--- user_files eval
">>> resolv.conf
domain example.com
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844"
--- request
GET /t
--- response_body
done
--- no_error_log
[crit]
[error]
--- grep_error_log eval: qr/parsed a resolver: ".+"/
--- grep_error_log_out
parsed a resolver: "[2001:4860:4860::8888]"
parsed a resolver: "[2001:4860:4860::8844]"
=== TEST 10: IPv6 with malformed and long address
--- config
resolver local=../html/resolv.conf ipv6=off;
resolver_timeout 5s;
location = /t {
content_by_lua_block {
ngx.say("done")
}
}
--- user_files eval
">>> resolv.conf
domain example.com
nameserver 2001:4860:4860::8888:2001:4860:4860::8888:2001
nameserver 2001:4860:4860::8844"
--- request
GET /t
--- response_body
done
--- no_error_log
[crit]
[error]
--- must_die
--- error_log
IPv6 resolver address is too long: "2001:4860:4860::8888:2001:4860:4860::8888:2001"
unable to parse local resolver
=== TEST 11: new line at the end of the file
--- config
resolver local=../html/resolv.conf ipv6=off;
resolver_timeout 5s;
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("openresty.org", 80)
if not ok then
ngx.say("failed to connect to openresty.org: ", err)
return
end
ngx.say("successfully connected to openresty.org")
sock:close()
}
}
--- user_files eval
">>> resolv.conf
domain example.com
nameserver 8.8.8.8
nameserver 8.8.4.4
"
--- request
GET /t
--- response_body
successfully connected to openresty.org
--- no_error_log
[error]
[crit]
--- grep_error_log eval: qr/parsed a resolver: ".+"/
--- grep_error_log_out
parsed a resolver: "8.8.8.8"
parsed a resolver: "8.8.4.4"

2103
t/sanity.t
View File

File diff suppressed because it is too large Load Diff

21
util/build-win32.sh
View File

@ -1,12 +1,13 @@
#!/bin/bash #!/bin/bash
PCRE=pcre-8.41 PCRE=pcre-8.42
ZLIB=zlib-1.2.11 ZLIB=zlib-1.2.11
OPENSSL=openssl-1.0.2k OPENSSL=openssl-1.1.0h
JOBS=12
# wget https://www.openssl.org/source/openssl-1.0.2k.tar.gz # wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz
# wget http://zlib.net/zlib-1.2.11.tar.gz # wget http://zlib.net/zlib-1.2.11.tar.gz
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz # wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.42.tar.gz
rm -rf objs || exit 1 rm -rf objs || exit 1
mkdir -p objs/lib || exit 1 mkdir -p objs/lib || exit 1
@ -18,7 +19,8 @@ tar -xf ../../../$PCRE.tar.gz || exit 1
cd ../.. cd ../..
cd objs/lib/$OPENSSL || exit 1 cd objs/lib/$OPENSSL || exit 1
patch -p1 < ../../../patches/openssl-1.0.2h-sess_set_get_cb_yield.patch || exit 1 patch -p1 < ../../../patches/openssl-1.1.0d-sess_set_get_cb_yield.patch \
|| exit 1
cd ../../.. cd ../../..
#--with-openssl-opt="no-asm" \ #--with-openssl-opt="no-asm" \
@ -36,6 +38,7 @@ cd ../../..
--with-ipv6 \ --with-ipv6 \
--with-stream \ --with-stream \
--with-stream_ssl_module \ --with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_v2_module \ --with-http_v2_module \
--without-mail_pop3_module \ --without-mail_pop3_module \
--without-mail_imap_module \ --without-mail_imap_module \
@ -57,7 +60,7 @@ cd ../../..
--with-pcre=objs/lib/$PCRE \ --with-pcre=objs/lib/$PCRE \
--with-zlib=objs/lib/$ZLIB \ --with-zlib=objs/lib/$ZLIB \
--with-openssl=objs/lib/$OPENSSL \ --with-openssl=objs/lib/$OPENSSL \
-j5 || exit 1 -j$JOBS || exit 1
#gmake -j5
make || exit 1 make -j$JOBS || exit 1
make install exec make install

136
util/configure vendored
View File

@ -292,6 +292,11 @@ for my $opt (@ARGV) {
my $mod_path = File::Spec->rel2abs($1); my $mod_path = File::Spec->rel2abs($1);
push @ngx_opts, "--add-module=$mod_path"; push @ngx_opts, "--add-module=$mod_path";
} elsif ($opt =~ /^--add-dynamic-module=(.*)/) {
my $mod_path = File::Spec->rel2abs($1);
push @ngx_opts, "--add-dynamic-module=$mod_path";
} elsif ($opt =~ /^--with-(openssl|pcre|zlib|libatomic|md5|sha1)=(.*)/) { } elsif ($opt =~ /^--with-(openssl|pcre|zlib|libatomic|md5|sha1)=(.*)/) {
my ($lib, $path) = ($1, $2); my ($lib, $path) = ($1, $2);
@ -327,6 +332,12 @@ if ($platform eq 'msys') {
my $postamble = ''; my $postamble = '';
if ($platform ne 'msys') {
if (!$ngx_sbin) {
$ngx_sbin = "$ngx_prefix/sbin/nginx";
}
}
my $resty_opts = build_resty_opts(\%resty_opts); my $resty_opts = build_resty_opts(\%resty_opts);
if (@ngx_rpaths) { if (@ngx_rpaths) {
@ -358,10 +369,8 @@ push @make_install_cmds,
. " \$(DESTDIR)$prefix/site/manifest"; . " \$(DESTDIR)$prefix/site/manifest";
if ($platform ne 'msys') { if ($platform ne 'msys') {
if (!$ngx_sbin) { push @make_install_cmds,
$ngx_sbin = "$ngx_prefix/sbin/nginx"; "ln -sf $ngx_sbin \$(DESTDIR)$prefix/bin/openresty";
}
push @make_install_cmds, "ln -sf $ngx_sbin \$(DESTDIR)$prefix/bin/openresty";
} }
cd '../..'; # to the root cd '../..'; # to the root
@ -460,10 +469,12 @@ Type the following commands to build and install:
_END_ _END_
if ($opts->{no_ndk}) { if ($opts->{no_ndk}) {
for my $name (qw(set_misc iconv lz_session form_input array_var encrypted_session)) { for my $name (qw(set_misc iconv lz_session form_input array_var
encrypted_session))
{
if (! $opts->{"no_http_$name"}) { if (! $opts->{"no_http_$name"}) {
warn "WARNING: ngx_http_${name}_module is automatically disabled ", warn "WARNING: ngx_http_${name}_module is automatically ",
"because ngx_devel_kit_module is disabled.\n"; "disabled because ngx_devel_kit_module is disabled.\n";
$opts->{"no_http_$name"} = 1; $opts->{"no_http_$name"} = 1;
} }
} }
@ -489,7 +500,8 @@ _END_
} }
if ($opts->{no_http_ssl} && $opts->{http_ssl}) { if ($opts->{no_http_ssl} && $opts->{http_ssl}) {
die "--with-http_ssl_module conflicts with --without-http_ssl_module.\n"; die "--with-http_ssl_module conflicts with --without-http_ssl_module.",
"\n";
} }
if (! $opts->{no_http_ssl} && ! $opts->{http_ssl}) { if (! $opts->{no_http_ssl} && ! $opts->{http_ssl}) {
@ -498,25 +510,30 @@ _END_
} }
if (! $opts->{http_drizzle} && $opts->{libdrizzle}) { if (! $opts->{http_drizzle} && $opts->{libdrizzle}) {
die "The http_drizzle_module is not enabled while --with-libdrizzle is specified.\n"; die "The http_drizzle_module is not enabled while --with-libdrizzle ",
"is specified.\n";
} }
if (! $opts->{http_postgres} && $opts->{libpq}) { if (! $opts->{http_postgres} && $opts->{libpq}) {
die "The http_postgres_module is not enabled while --with-libpq is specified.\n"; die "The http_postgres_module is not enabled while --with-libpq is ",
"specified.\n";
} }
if (! $opts->{http_postgres} && $opts->{pg_config}) { if (! $opts->{http_postgres} && $opts->{pg_config}) {
die "The http_postgres_module is not enabled while --with-pg_config is specified.\n"; die "The http_postgres_module is not enabled while --with-pg_config ",
"is specified.\n";
} }
if ($platform eq 'linux' && $opts->{luajit} && ! can_run("ldconfig")) { if ($platform eq 'linux' && $opts->{luajit} && ! can_run("ldconfig")) {
die "you need to have ldconfig in your PATH env when enabling luajit.\n"; die "you need to have ldconfig in your PATH env when enabling luajit.",
"\n";
} }
my $opts_line = ''; my $opts_line = '';
if ($opts->{debug}) { if ($opts->{debug}) {
unshift @ngx_cc_opts, '-DNGX_LUA_USE_ASSERT', '-DNGX_LUA_ABORT_AT_PANIC'; unshift @ngx_cc_opts, '-DNGX_LUA_USE_ASSERT',
'-DNGX_LUA_ABORT_AT_PANIC';
$opts_line .= " \\\n --with-debug"; $opts_line .= " \\\n --with-debug";
} else { } else {
@ -529,7 +546,8 @@ _END_
} }
if (-e 'build') { if (-e 'build') {
die "file or directory \"build\" already exists. please remove it first.\n"; die "file or directory \"build\" already exists. please remove it ",
"first.\n";
} }
shell "cp -rp bundle/ build"; shell "cp -rp bundle/ build";
@ -656,10 +674,14 @@ int main(void) {
my $comp = ($cc || 'cc'); my $comp = ($cc || 'cc');
my $found; my $found;
if (system("$comp -o $ofile -msse4.2 -c $cfile") == 0 && -s $ofile) { if (system("$comp -o $ofile -msse4.2 -c $cfile") == 0
&& -s $ofile)
{
unlink $ofile; unlink $ofile;
if (system("$comp -o $ofile -march=native -c $cfile") == 0 && -s $ofile) { if (system("$comp -o $ofile -march=native -c $cfile") == 0
&& -s $ofile)
{
print "INFO: found -msse4.2 in $comp.\n"; print "INFO: found -msse4.2 in $comp.\n";
$found = 1; $found = 1;
$luajit_xcflags .= " -msse4.2"; $luajit_xcflags .= " -msse4.2";
@ -733,7 +755,8 @@ int main(void) {
if ($platform eq 'msys') { if ($platform eq 'msys') {
$lib = $luajit_root; $lib = $luajit_root;
shell "install -m 0755 src/luajit.exe src/lua51.dll $lib/", $dry_run; shell "install -m 0755 src/luajit.exe src/lua51.dll $lib/",
$dry_run;
my $lua_jit_dir = File::Spec->catfile($luajit_root, "lua", "jit"); my $lua_jit_dir = File::Spec->catfile($luajit_root, "lua", "jit");
shell "mkdir -p $lua_jit_dir", $dry_run; shell "mkdir -p $lua_jit_dir", $dry_run;
@ -743,20 +766,26 @@ int main(void) {
$inc = File::Spec->catfile($luajit_root, "include", "luajit-2.1"); $inc = File::Spec->catfile($luajit_root, "include", "luajit-2.1");
shell "mkdir -p $inc", $dry_run; shell "mkdir -p $inc", $dry_run;
shell "cd src && install -m 0644 lua.h lualib.h lauxlib.h luaconf.h lua.hpp luajit.h $inc/", shell "cd src && install -m 0644 lua.h lualib.h lauxlib.h "
. "luaconf.h lua.hpp luajit.h $inc/",
$dry_run; $dry_run;
} else { } else {
shell "${make} install$extra_opts PREFIX=$luajit_prefix DESTDIR=$luajit_root/", $dry_run; shell "${make} install$extra_opts PREFIX=$luajit_prefix "
. "DESTDIR=$luajit_root/", $dry_run;
$lib = File::Spec->catfile($luajit_root, $luajit_prefix, "lib"); $lib = File::Spec->catfile($luajit_root, $luajit_prefix, "lib");
$inc = File::Spec->catfile($luajit_root, $luajit_prefix, "include", "luajit-2.1"); $inc = File::Spec->catfile($luajit_root, $luajit_prefix,
"include", "luajit-2.1");
} }
push @make_cmds, "cd $root_dir/build/$luajit_src && " push @make_cmds, "cd $root_dir/build/$luajit_src && "
. "\$(MAKE)$extra_opts PREFIX=$luajit_prefix"; . "\$(MAKE)$extra_opts PREFIX=$luajit_prefix";
my $abs_luajit_src = File::Spec->rel2abs(File::Spec->catfile($root_dir, "build", $luajit_src), $root_dir); my $abs_luajit_src =
File::Spec->rel2abs(File::Spec->catfile($root_dir, "build",
$luajit_src),
$root_dir);
if ($platform eq 'msys') { if ($platform eq 'msys') {
push @make_install_cmds, "cd $abs_luajit_src && " push @make_install_cmds, "cd $abs_luajit_src && "
@ -764,7 +793,8 @@ int main(void) {
} else { } else {
push @make_install_cmds, "cd $abs_luajit_src && " push @make_install_cmds, "cd $abs_luajit_src && "
. "\$(MAKE) install$extra_opts PREFIX=$luajit_prefix DESTDIR=\$(DESTDIR)"; . "\$(MAKE) install$extra_opts PREFIX=$luajit_prefix "
. "DESTDIR=\$(DESTDIR)";
} }
env LUAJIT_LIB => $lib; env LUAJIT_LIB => $lib;
@ -824,7 +854,8 @@ int main(void) {
env LUA_LIB => File::Spec->catfile($lua_root, $lua_prefix, "lib"); env LUA_LIB => File::Spec->catfile($lua_root, $lua_prefix, "lib");
env LUA_INC => File::Spec->catfile($lua_root, $lua_prefix, "include"); env LUA_INC => File::Spec->catfile($lua_root, $lua_prefix, "include");
push @make_cmds, "cd $root_dir/build/$lua_src && \$(MAKE)$extra_opts $platform"; push @make_cmds,
"cd $root_dir/build/$lua_src && \$(MAKE)$extra_opts $platform";
push @make_install_cmds, "cd $root_dir/build/$lua_src && " push @make_install_cmds, "cd $root_dir/build/$lua_src && "
. "\$(MAKE) install$extra_opts INSTALL_TOP=\$(DESTDIR)$lua_prefix"; . "\$(MAKE) install$extra_opts INSTALL_TOP=\$(DESTDIR)$lua_prefix";
@ -875,16 +906,19 @@ _EOC_
if ($platform eq 'msys') { if ($platform eq 'msys') {
my $luajit_root = File::Spec->rel2abs("luajit-root"); my $luajit_root = File::Spec->rel2abs("luajit-root");
$extra_opts .= " CJSON_LDFLAGS=\"-shared -L$luajit_root -llua51\""; $extra_opts .=
" CJSON_LDFLAGS=\"-shared -L$luajit_root -llua51\"";
} }
if ($on_solaris) { if ($on_solaris) {
#$extra_opts .= " INSTALL=$root_dir/build/install"; #$extra_opts .= " INSTALL=$root_dir/build/install";
if ($opts->{debug}) { if ($opts->{debug}) {
$extra_opts .= " CJSON_CFLAGS=\"-g -O -fpic -DUSE_INTERNAL_ISINF\""; $extra_opts .=
" CJSON_CFLAGS=\"-g -O -fpic -DUSE_INTERNAL_ISINF\"";
} else { } else {
$extra_opts .= " CJSON_CFLAGS=\"-g -fpic -DUSE_INTERNAL_ISINF\""; $extra_opts .=
" CJSON_CFLAGS=\"-g -fpic -DUSE_INTERNAL_ISINF\"";
} }
} else { } else {
@ -896,7 +930,8 @@ _EOC_
} }
if ($platform eq 'macosx') { if ($platform eq 'macosx') {
$extra_opts .= " CJSON_LDFLAGS='-bundle -undefined dynamic_lookup'"; $extra_opts .=
" CJSON_LDFLAGS='-bundle -undefined dynamic_lookup'";
} }
if (defined $cc) { if (defined $cc) {
@ -1026,7 +1061,8 @@ _EOC_
die "No $name found"; die "No $name found";
} }
my $extra_opts = " DESTDIR=\$(DESTDIR) LUA_LIB_DIR=$lualib_prefix" my $extra_opts =
" DESTDIR=\$(DESTDIR) LUA_LIB_DIR=$lualib_prefix"
." INSTALL=$root_dir/build/install"; ." INSTALL=$root_dir/build/install";
push @make_install_cmds, "cd $root_dir/build/$dir && " . push @make_install_cmds, "cd $root_dir/build/$dir && " .
@ -1060,12 +1096,45 @@ _EOC_
} }
push @make_install_cmds, "cd $root_dir/build/$resty_cli_dir && " push @make_install_cmds, "cd $root_dir/build/$resty_cli_dir && "
. "$root_dir/build/install bin/* $target_dir"; . "$root_dir/build/install bin/* $target_dir";
if ($platform ne 'msys') {
# patch the resty script:
print "patching the resty script with hard-coded nginx binary ",
"path...\n";
my $resty_bin = "$root_dir/build/$resty_cli_dir/bin/resty";
open my $in, $resty_bin
or die "Cannot open $resty_bin for reading: $!\n";
my ($new, $found);
while (<$in>) {
if (/^my \$nginx_path;$/) {
$found = 1;
$new .= qq/my \$nginx_path = '$ngx_sbin';\n/;
} else {
$new .= $_;
}
}
close $in;
if (!$found) {
die "failed to patch $resty_bin: the line 'my \$nginx_path' ",
"was not found.\n";
}
open my $out, ">$resty_bin"
or die "Cannot open $resty_bin for writing: $!\n";
print $out $new;
close $out;
}
} }
# configure restydoc indexes # configure restydoc indexes
push @make_install_cmds, "cp $root_dir/build/resty.index \$(DESTDIR)$prefix/", push @make_install_cmds,
"cp -r $root_dir/build/pod \$(DESTDIR)$prefix/"; "cp $root_dir/build/resty.index \$(DESTDIR)$prefix/",
"cp -r $root_dir/build/pod \$(DESTDIR)$prefix/";
# prepare nginx configure line # prepare nginx configure line
@ -1306,9 +1375,16 @@ Options directly inherited from nginx
--with-stream enable TCP/UDP proxy module --with-stream enable TCP/UDP proxy module
--with-stream=dynamic enable dynamic TCP/UDP proxy module --with-stream=dynamic enable dynamic TCP/UDP proxy module
--with-stream_ssl_module enable ngx_stream_ssl_module --with-stream_ssl_module enable ngx_stream_ssl_module
--with-stream_realip_module enable ngx_stream_realip_module
--with-stream_geoip_module enable ngx_stream_geoip_module
--with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module
--with-stream_ssl_preread_module enable ngx_stream_ssl_preread_module
--without-stream_limit_conn_module disable ngx_stream_limit_conn_module --without-stream_limit_conn_module disable ngx_stream_limit_conn_module
--without-stream_access_module disable ngx_stream_access_module --without-stream_access_module disable ngx_stream_access_module
--without-stream_geo_module disable ngx_stream_geo_module
--without-stream_map_module disable ngx_stream_map_module --without-stream_map_module disable ngx_stream_map_module
--without-stream_split_clients_module
disable ngx_stream_split_clients_module
--without-stream_return_module disable ngx_stream_return_module --without-stream_return_module disable ngx_stream_return_module
--without-stream_upstream_hash_module --without-stream_upstream_hash_module
disable ngx_stream_upstream_hash_module disable ngx_stream_upstream_hash_module

7
util/dist-check
View File

@ -45,6 +45,13 @@ if ($^O eq 'darwin') {
. "-I/usr/local/opt/pcre/include/'" . "-I/usr/local/opt/pcre/include/'"
. " --with-ld-opt='-L/usr/local/opt/openssl/lib/ " . " --with-ld-opt='-L/usr/local/opt/openssl/lib/ "
. "-L/usr/local/opt/pcre/lib/'"; . "-L/usr/local/opt/pcre/lib/'";
} else {
my $ssl_prefix = $ENV{OPENSSL_PREFIX};
if (defined $ssl_prefix) {
$cfg_opts .= " --with-cc-opt='-I$ssl_prefix/include/' "
. " --with-ld-opt='-L$ssl_prefix/lib/' ";
}
} }
my $prefix; my $prefix;

59
util/mirror-tarballs
View File

@ -56,6 +56,17 @@ if [ "$answer" = "Y" ]; then
echo echo
fi fi
answer=`$root/util/ver-ge "$main_ver" 1.13.6`
if [ "$answer" = "Y" ]; then
echo "$info_txt applying the stream_ssl_preread_no_skip patch for nginx"
patch -p1 < $root/patches/nginx-$main_ver-stream_ssl_preread_no_skip.patch || exit 1
echo
echo "$info_txt applying the resolver_conf_parsing patch for nginx"
patch -p1 < $root/patches/nginx-$main_ver-resolver_conf_parsing.patch || exit 1
echo
fi
answer=`$root/util/ver-ge "$main_ver" 1.5.12` answer=`$root/util/ver-ge "$main_ver" 1.5.12`
if [ "$answer" = "N" ]; then if [ "$answer" = "N" ]; then
echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)" echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)"
@ -407,6 +418,10 @@ echo "$info_txt applying the safe_resolver_ipv6_option patch for nginx"
patch -p1 < $root/patches/nginx-$main_ver-safe_resolver_ipv6_option.patch || exit 1 patch -p1 < $root/patches/nginx-$main_ver-safe_resolver_ipv6_option.patch || exit 1
echo echo
echo "$info_txt applying the socket_cloexec patch for nginx"
patch -p1 < $root/patches/nginx-$main_ver-socket_cloexec.patch || exit 1
echo
cp $root/html/index.html docs/html/ || exit 1 cp $root/html/index.html docs/html/ || exit 1
cp $root/html/50x.html docs/html/ || exit 1 cp $root/html/50x.html docs/html/ || exit 1
@ -428,7 +443,7 @@ mv openresty-echo-nginx-module-* echo-nginx-module-$ver || exit 1
################################# #################################
ver=0.05 ver=0.06
$root/util/get-tarball "https://github.com/openresty/xss-nginx-module/tarball/v$ver" -O xss-nginx-module-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/xss-nginx-module/tarball/v$ver" -O xss-nginx-module-$ver.tar.gz || exit 1
tar -xzf xss-nginx-module-$ver.tar.gz || exit 1 tar -xzf xss-nginx-module-$ver.tar.gz || exit 1
mv openresty-xss-nginx-module-* xss-nginx-module-$ver || exit 1 mv openresty-xss-nginx-module-* xss-nginx-module-$ver || exit 1
@ -436,13 +451,13 @@ mv openresty-xss-nginx-module-* xss-nginx-module-$ver || exit 1
################################# #################################
ver=0.3.0 ver=0.3.0
$root/util/get-tarball "https://github.com/simpl/ngx_devel_kit/tarball/v$ver" -O ngx_devel_kit-$ver.tar.gz $root/util/get-tarball "https://github.com/simplresty/ngx_devel_kit/tarball/v$ver" -O ngx_devel_kit-$ver.tar.gz
tar -xzf ngx_devel_kit-$ver.tar.gz || exit 1 tar -xzf ngx_devel_kit-$ver.tar.gz || exit 1
mv simpl-ngx_devel_kit-* ngx_devel_kit-$ver || exit 1 mv simplresty-ngx_devel_kit-* ngx_devel_kit-$ver || exit 1
################################# #################################
ver=0.31 ver=0.32
$root/util/get-tarball "https://github.com/openresty/set-misc-nginx-module/tarball/v$ver" -O set-misc-nginx-module-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/set-misc-nginx-module/tarball/v$ver" -O set-misc-nginx-module-$ver.tar.gz || exit 1
tar -xzf set-misc-nginx-module-$ver.tar.gz || exit 1 tar -xzf set-misc-nginx-module-$ver.tar.gz || exit 1
mv openresty-set-misc-nginx-module-* set-misc-nginx-module-$ver || exit 1 mv openresty-set-misc-nginx-module-* set-misc-nginx-module-$ver || exit 1
@ -456,7 +471,7 @@ mv openresty-rds-json-nginx-module-* rds-json-nginx-module-$ver || exit 1
################################# #################################
ver=0.08 ver=0.09
$root/util/get-tarball "https://github.com/openresty/rds-csv-nginx-module/tarball/v$ver" -O rds-csv-nginx-module-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/rds-csv-nginx-module/tarball/v$ver" -O rds-csv-nginx-module-$ver.tar.gz || exit 1
tar -xzf rds-csv-nginx-module-$ver.tar.gz || exit 1 tar -xzf rds-csv-nginx-module-$ver.tar.gz || exit 1
mv openresty-rds-csv-nginx-module-* rds-csv-nginx-module-$ver || exit 1 mv openresty-rds-csv-nginx-module-* rds-csv-nginx-module-$ver || exit 1
@ -470,14 +485,14 @@ mv openresty-headers-more-nginx-module-* headers-more-nginx-module-$ver || exit
################################# #################################
ver=0.1.10 ver=0.1.11
$root/util/get-tarball "https://github.com/openresty/drizzle-nginx-module/tarball/v$ver" -O drizzle-nginx-module-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/drizzle-nginx-module/tarball/v$ver" -O drizzle-nginx-module-$ver.tar.gz || exit 1
tar -xzf drizzle-nginx-module-$ver.tar.gz || exit 1 tar -xzf drizzle-nginx-module-$ver.tar.gz || exit 1
mv openresty-drizzle-nginx-module-* drizzle-nginx-module-$ver || exit 1 mv openresty-drizzle-nginx-module-* drizzle-nginx-module-$ver || exit 1
################################# #################################
ver=0.10.12rc1 ver=0.10.13
$root/util/get-tarball "https://github.com/openresty/lua-nginx-module/tarball/v$ver" -O lua-nginx-module-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/lua-nginx-module/tarball/v$ver" -O lua-nginx-module-$ver.tar.gz || exit 1
tar -xzf lua-nginx-module-$ver.tar.gz || exit 1 tar -xzf lua-nginx-module-$ver.tar.gz || exit 1
mv openresty-lua-nginx-module-* ngx_lua-$ver || exit 1 mv openresty-lua-nginx-module-* ngx_lua-$ver || exit 1
@ -491,7 +506,7 @@ mv openresty-lua-upstream-nginx-module-* ngx_lua_upstream-$ver || exit 1
################################# #################################
ver=0.0.3 ver=0.0.5
$root/util/get-tarball "https://github.com/openresty/stream-lua-nginx-module/tarball/v$ver" -O stream-lua-nginx-module-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/stream-lua-nginx-module/tarball/v$ver" -O stream-lua-nginx-module-$ver.tar.gz || exit 1
tar -xzf stream-lua-nginx-module-$ver.tar.gz || exit 1 tar -xzf stream-lua-nginx-module-$ver.tar.gz || exit 1
mv openresty-stream-lua-nginx-module-* ngx_stream_lua-$ver || exit 1 mv openresty-stream-lua-nginx-module-* ngx_stream_lua-$ver || exit 1
@ -505,7 +520,7 @@ mv openresty-array-var-nginx-module-* array-var-nginx-module-$ver || exit 1
################################# #################################
ver=0.18 ver=0.19
$root/util/get-tarball "https://github.com/openresty/memc-nginx-module/tarball/v$ver" -O memc-nginx-module-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/memc-nginx-module/tarball/v$ver" -O memc-nginx-module-$ver.tar.gz || exit 1
tar -xzf memc-nginx-module-$ver.tar.gz || exit 1 tar -xzf memc-nginx-module-$ver.tar.gz || exit 1
mv openresty-memc-nginx-module-* memc-nginx-module-$ver || exit 1 mv openresty-memc-nginx-module-* memc-nginx-module-$ver || exit 1
@ -533,7 +548,7 @@ mv calio-iconv-nginx-module-* iconv-nginx-module-$ver || exit 1
################################# #################################
ver=0.07 ver=0.08
$root/util/get-tarball "https://github.com/openresty/encrypted-session-nginx-module/tarball/v$ver" -O encrypted-session-nginx-module-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/encrypted-session-nginx-module/tarball/v$ver" -O encrypted-session-nginx-module-$ver.tar.gz || exit 1
tar -xzf encrypted-session-nginx-module-$ver.tar.gz || exit 1 tar -xzf encrypted-session-nginx-module-$ver.tar.gz || exit 1
mv openresty-encrypted-session-nginx-module-* encrypted-session-nginx-module-$ver || exit 1 mv openresty-encrypted-session-nginx-module-* encrypted-session-nginx-module-$ver || exit 1
@ -583,14 +598,14 @@ mv FRiCKLE-ngx_coolkit-* ngx_coolkit-$ver || exit 1
################################# #################################
ver=0.14 ver=0.15
$root/util/get-tarball "https://github.com/openresty/redis2-nginx-module/tarball/v$ver" -O redis2-nginx-module-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/redis2-nginx-module/tarball/v$ver" -O redis2-nginx-module-$ver.tar.gz || exit 1
tar -xzf redis2-nginx-module-$ver.tar.gz || exit 1 tar -xzf redis2-nginx-module-$ver.tar.gz || exit 1
mv openresty-redis2-nginx-module-* redis2-nginx-module-$ver || exit 1 mv openresty-redis2-nginx-module-* redis2-nginx-module-$ver || exit 1
################################# #################################
ver=0.20 ver=0.21
$root/util/get-tarball "https://github.com/openresty/resty-cli/tarball/v$ver" -O resty-cli-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/resty-cli/tarball/v$ver" -O resty-cli-$ver.tar.gz || exit 1
tar -xzf resty-cli-$ver.tar.gz || exit 1 tar -xzf resty-cli-$ver.tar.gz || exit 1
mv openresty-resty-cli-* resty-cli-$ver || exit 1 mv openresty-resty-cli-* resty-cli-$ver || exit 1
@ -598,7 +613,7 @@ resty_cli=resty-cli-$ver
################################# #################################
ver=0.0.4 ver=0.0.5
$root/util/get-tarball "https://github.com/openresty/opm/tarball/v$ver" -O opm-$ver.tar.gz || exit 1 $root/util/get-tarball "https://github.com/openresty/opm/tarball/v$ver" -O opm-$ver.tar.gz || exit 1
tar -xzf opm-$ver.tar.gz || exit 1 tar -xzf opm-$ver.tar.gz || exit 1
mv openresty-opm-* opm-$ver || exit 1 mv openresty-opm-* opm-$ver || exit 1
@ -631,7 +646,7 @@ mv openresty-opm-* opm-$ver || exit 1
################################# #################################
ver=2.1-20171103 ver=2.1-20180420
$root/util/get-tarball "https://github.com/openresty/luajit2/archive/v$ver.tar.gz" -O "LuaJIT-$ver.tar.gz" || exit 1 $root/util/get-tarball "https://github.com/openresty/luajit2/archive/v$ver.tar.gz" -O "LuaJIT-$ver.tar.gz" || exit 1
tar -xzf LuaJIT-$ver.tar.gz || exit 1 tar -xzf LuaJIT-$ver.tar.gz || exit 1
mv luajit2-* LuaJIT-$ver || exit 1 mv luajit2-* LuaJIT-$ver || exit 1
@ -652,7 +667,7 @@ cd .. || exit 1
################################# #################################
ver=2.1.0.6rc2 ver=2.1.0.6
$root/util/get-tarball "https://github.com/openresty/lua-cjson/archive/$ver.tar.gz" -O "lua-cjson-$ver.tar.gz" || exit 1 $root/util/get-tarball "https://github.com/openresty/lua-cjson/archive/$ver.tar.gz" -O "lua-cjson-$ver.tar.gz" || exit 1
tar -xzf lua-cjson-$ver.tar.gz || exit 1 tar -xzf lua-cjson-$ver.tar.gz || exit 1
#cd lua-cjson-$ver || exit 1 #cd lua-cjson-$ver || exit 1
@ -687,7 +702,7 @@ cd ..
################################# #################################
ver=0.21rc2 ver=0.21
$root/util/get-tarball "https://github.com/openresty/lua-resty-dns/tarball/v$ver" -O "lua-resty-dns-$ver.tar.gz" || exit 1 $root/util/get-tarball "https://github.com/openresty/lua-resty-dns/tarball/v$ver" -O "lua-resty-dns-$ver.tar.gz" || exit 1
tar -xzf lua-resty-dns-$ver.tar.gz || exit 1 tar -xzf lua-resty-dns-$ver.tar.gz || exit 1
mv openresty-lua-resty-dns-* lua-resty-dns-$ver || exit 1 mv openresty-lua-resty-dns-* lua-resty-dns-$ver || exit 1
@ -759,7 +774,7 @@ cd ..
################################# #################################
ver=0.10 ver=0.11
$root/util/get-tarball "https://github.com/openresty/lua-resty-string/tarball/v$ver" -O "lua-resty-string-$ver.tar.gz" || exit 1 $root/util/get-tarball "https://github.com/openresty/lua-resty-string/tarball/v$ver" -O "lua-resty-string-$ver.tar.gz" || exit 1
tar -xzf lua-resty-string-$ver.tar.gz || exit 1 tar -xzf lua-resty-string-$ver.tar.gz || exit 1
mv openresty-lua-resty-string-* lua-resty-string-$ver || exit 1 mv openresty-lua-resty-string-* lua-resty-string-$ver || exit 1
@ -795,7 +810,7 @@ cd ..
################################# #################################
ver=0.07 ver=0.08
$root/util/get-tarball "https://github.com/openresty/lua-resty-lrucache/tarball/v$ver" -O "lua-resty-lrucache-$ver.tar.gz" || exit 1 $root/util/get-tarball "https://github.com/openresty/lua-resty-lrucache/tarball/v$ver" -O "lua-resty-lrucache-$ver.tar.gz" || exit 1
tar -xzf lua-resty-lrucache-$ver.tar.gz || exit 1 tar -xzf lua-resty-lrucache-$ver.tar.gz || exit 1
mv openresty-lua-resty-lrucache-* lua-resty-lrucache-$ver || exit 1 mv openresty-lua-resty-lrucache-* lua-resty-lrucache-$ver || exit 1
@ -807,7 +822,7 @@ cd ..
################################# #################################
ver=0.1.13 ver=0.1.15
$root/util/get-tarball "https://github.com/openresty/lua-resty-core/tarball/v$ver" -O "lua-resty-core-$ver.tar.gz" || exit 1 $root/util/get-tarball "https://github.com/openresty/lua-resty-core/tarball/v$ver" -O "lua-resty-core-$ver.tar.gz" || exit 1
tar -xzf lua-resty-core-$ver.tar.gz || exit 1 tar -xzf lua-resty-core-$ver.tar.gz || exit 1
mv openresty-lua-resty-core-* lua-resty-core-$ver || exit 1 mv openresty-lua-resty-core-* lua-resty-core-$ver || exit 1
@ -841,10 +856,12 @@ mkdir util || exit 1
cp $root/util/package-win32.sh util/ || exit 1 cp $root/util/package-win32.sh util/ || exit 1
cp $root/util/build-win32.sh util/ || exit 1 cp $root/util/build-win32.sh util/ || exit 1
cp $root/COPYRIGHT ./ || exit 1 cp $root/COPYRIGHT ./ || exit 1
perl bundle/$resty_cli/bin/md2pod.pl $root/doc/README-win32.md | pod2text > README-win32.txt || exit 1 perl bundle/$resty_cli/bin/md2pod.pl $root/doc/README-windows.md | pod2text > README-windows.txt || exit 1
unix2dos README-win32.txt || exit 1 unix2dos README-windows.txt || exit 1
mkdir patches/ || exit 1 mkdir patches/ || exit 1
cp $root/patches/openssl-1.0.2h-sess_set_get_cb_yield.patch patches/ || exit 1 cp $root/patches/openssl-1.0.2h-sess_set_get_cb_yield.patch patches/ || exit 1
cp $root/patches/openssl-1.1.0c-sess_set_get_cb_yield.patch patches/ || exit 1
cp $root/patches/openssl-1.1.0d-sess_set_get_cb_yield.patch patches/ || exit 1
restydoc_index=$bundle_dir/$resty_cli/bin/restydoc-index restydoc_index=$bundle_dir/$resty_cli/bin/restydoc-index
#restydoc_index=echo #restydoc_index=echo

25
util/package-win32.sh
View File

@ -1,7 +1,23 @@
#!/bin/bash #!/bin/bash
mingw32=/c/msys64/mingw32
info=`uname -a`
if [[ "$info" == MINGW64* ]]; then
arch="win64";
else
if [[ "$info" == MINGW32* ]]; then
arch="win32";
else
echo "Unknown architecture: $info" > /dev/stderr
exit 1
fi
fi
echo $arch
name=`pwd|perl -e '$d=<>;$d=~s{.*?/}{}g;$d=~s/$//g;print $d'` name=`pwd|perl -e '$d=<>;$d=~s{.*?/}{}g;$d=~s/$//g;print $d'`
name="$name-win32" name="$name-$arch"
echo $name echo $name
if [ -d $name ]; then if [ -d $name ]; then
rm -rf $name rm -rf $name
@ -9,12 +25,15 @@ fi
mkdir $name || exit 1 mkdir $name || exit 1
cp -r resty restydoc restydoc-index nginx.exe luajit.exe lua51.dll lua include lualib html conf logs pod $name/ || exit 1 cp -r resty restydoc restydoc-index nginx.exe luajit.exe lua51.dll lua include lualib html conf logs pod $name/ || exit 1
cp COPYRIGHT $name/ || exit 1 cp COPYRIGHT $name/ || exit 1
cp /c/MinGW/bin/libgcc_s_dw2-1.dll $name/ || exit 1 if [[ "$arch" == "win32" ]]; then
cp $mingw32/bin/libgcc_s_dw2-1.dll $name/ || exit 1
cp $mingw32/bin/libwinpthread-1.dll $name/ || exit 1
fi
cd $name || exit 1 cd $name || exit 1
PATH=/c/Strawberry/perl/bin:$PATH cmd /c 'pl2bat.bat resty' || exit 1 PATH=/c/Strawberry/perl/bin:$PATH cmd /c 'pl2bat.bat resty' || exit 1
PATH=/c/Strawberry/perl/bin:$PATH cmd /c 'pl2bat.bat restydoc' || exit 1 PATH=/c/Strawberry/perl/bin:$PATH cmd /c 'pl2bat.bat restydoc' || exit 1
PATH=/c/Strawberry/perl/bin:$PATH cmd /c 'pl2bat.bat restydoc-index' || exit 1 PATH=/c/Strawberry/perl/bin:$PATH cmd /c 'pl2bat.bat restydoc-index' || exit 1
cp ../README-win32.txt README.txt cp ../README-windows.txt README.txt
unix2dos conf/* html/*.html resty || exit 1 unix2dos conf/* html/*.html resty || exit 1
cd .. || exit 1 cd .. || exit 1
zip -r $name.zip $name || exit 1 zip -r $name.zip $name || exit 1

4
util/ver
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
main_ver=1.13.8 main_ver=1.13.6
minor_ver=1rc0 minor_ver=2
version=$main_ver.$minor_ver version=$main_ver.$minor_ver
echo $version echo $version

209
valgrind.suppress Normal file
View File

@ -0,0 +1,209 @@
{
<insert_a_suppression_name_here>
Memcheck:Addr1
fun:ngx_init_cycle
fun:ngx_master_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Addr4
fun:ngx_init_cycle
fun:ngx_master_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:ngx_vslprintf
fun:ngx_snprintf
fun:ngx_sock_ntop
fun:ngx_event_accept
fun:ngx_epoll_process_events
fun:ngx_process_events_and_timers
}
{
<insert_a_suppression_name_here>
Memcheck:Addr1
fun:ngx_vslprintf
fun:ngx_snprintf
fun:ngx_sock_ntop
fun:ngx_event_accept
}
{
<insert_a_suppression_name_here>
exp-sgcheck:SorG
fun:ngx_http_lua_ndk_set_var_get
}
{
<insert_a_suppression_name_here>
exp-sgcheck:SorG
fun:ngx_http_variables_init_vars
fun:ngx_http_block
}
{
<insert_a_suppression_name_here>
exp-sgcheck:SorG
fun:ngx_conf_parse
}
{
<insert_a_suppression_name_here>
exp-sgcheck:SorG
fun:ngx_vslprintf
fun:ngx_log_error_core
}
{
<insert_a_suppression_name_here>
Memcheck:Param
epoll_ctl(event)
fun:epoll_ctl
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:ngx_conf_flush_files
fun:ngx_single_process_cycle
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:memcpy
fun:ngx_vslprintf
fun:ngx_log_error_core
fun:ngx_http_charset_header_filter
}
{
<insert_a_suppression_name_here>
Memcheck:Param
socketcall.setsockopt(optval)
fun:setsockopt
fun:drizzle_state_connect
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:ngx_conf_flush_files
fun:ngx_single_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_event_process_init
}
{
<insert_a_suppression_name_here>
Memcheck:Param
sendmsg(mmsg[0].msg_hdr)
fun:sendmmsg
fun:__libc_res_nsend
}
{
<insert_a_suppression_name_here>
Memcheck:Param
sendmsg(msg.msg_iov[0])
fun:__sendmsg_nocancel
fun:ngx_write_channel
fun:ngx_pass_open_channel
fun:ngx_start_cache_manager_processes
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:ngx_init_cycle
fun:ngx_master_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:index
fun:expand_dynamic_string_token
fun:_dl_map_object
fun:map_doit
fun:_dl_catch_error
fun:do_preload
fun:dl_main
fun:_dl_sysdep_start
fun:_dl_start
}
{
<insert_a_suppression_name_here>
Memcheck:Param
sendmsg(mmsg[0].msg_hdr)
fun:sendmmsg
fun:__libc_res_nsend
fun:__libc_res_nquery
fun:__libc_res_nquerydomain
fun:__libc_res_nsearch
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:ngx_alloc
fun:ngx_set_environment
fun:ngx_single_process_cycle
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
obj:*
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:ngx_alloc
fun:ngx_set_environment
fun:ngx_worker_process_init
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:ngx_alloc
fun:ngx_create_pool
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Param
epoll_pwait(sigmask)
fun:epoll_pwait
fun:epoll_wait
fun:ngx_epoll_process_events
fun:ngx_process_events_and_timers
}
{
<insert_a_suppression_name_here>
Memcheck:Param
epoll_pwait(sigmask)
fun:epoll_pwait
fun:epoll_wait
fun:ngx_epoll_test_rdhup
fun:ngx_epoll_init
fun:ngx_event_process_init
}
{
<insert_a_suppression_name_here>
Memcheck:Param
epoll_pwait(sigmask)
fun:epoll_pwait
fun:ngx_epoll_process_events
fun:ngx_process_events_and_timers
}
{
<insert_a_suppression_name_here>
Memcheck:Param
epoll_pwait(sigmask)
fun:epoll_pwait
fun:ngx_epoll_test_rdhup
fun:ngx_epoll_init
fun:ngx_event_process_init
}