186526
/
openresty
mirror of https://github.com/openresty/openresty.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: 186526:v1.19.3.1
Branches Tags
186526:master
186526:cve
186526:or-1253rc1
186526:ngx-http-redis
186526:1.21.4.x
186526:v24.2
186526:bump-1.21.4.2
186526:rel
186526:close_fd
186526:1.19.3.x
186526:1.17.8.x
186526:1.15.8.x
186526:nginx-1.13.8
186526:v1.25.3.1
186526:v1.21.4.3
186526:v1.21.4.2
186526:v1.21.4.2rc1
186526:v1.21.4.1
186526:v1.21.4.1rc3
186526:v1.21.4.1rc2
186526:v1.21.4.1rc1
186526:v1.19.9.1
186526:v1.19.9.1rc1
186526:v1.19.3.2
186526:v1.19.3.1
186526:v1.19.3.1rc1
186526:v1.19.3.1rc0
186526:v1.17.8.2
186526:v1.17.8.1
186526:v1.15.8.3
186526:v1.17.8.1rc1
186526:v1.15.8.2
186526:v1.15.8.1
186526:v1.15.8.1rc2
186526:v1.15.8.1rc1
186526:v1.13.6.2
186526:v1.13.6.1
186526:v1.11.2.5
186526:v1.11.2.4
186526:v1.11.2.3
186526:v1.11.2.2
186526:v1.11.2.1
186526:v1.9.15.1
186526:v1.9.7.5
186526:v1.9.7.4
186526:v1.9.7.3
186526:v1.9.7.2
186526:v1.9.7.1
186526:v1.9.3.2
186526:v1.9.3.1
186526:v1.9.3.1rc1
186526:v1.7.10.2
186526:v1.7.10.1
186526:v1.7.7.2
186526:v1.7.7.1
186526:v1.7.4.1
186526:v1.7.2.1
186526:v1.7.0.1
186526:v1.5.12.1
186526:v1.5.11.1
186526:v1.5.8.1
186526:v1.4.3.9
186526:v1.4.3.7
186526:v1.4.3.6
186526:v1.4.3.4
186526:v1.4.3.3
186526:v1.4.3.1
186526:v1.4.2.9
186526:v1.4.2.8
186526:v1.4.2.7
186526:v1.4.2.5
186526:v1.4.2.3
186526:v1.4.2.1
186526:v1.4.1.3
186526:v1.4.1.1
186526:v1.2.8.6
186526:v1.2.8.5
186526:v1.2.8.3
186526:v1.2.7.8
186526:v1.2.8.1
186526:v1.2.7.6
186526:v1.2.7.5
186526:v1.2.7.3
186526:v1.2.7.1
186526:v1.2.6.6
186526:v1.2.6.5
186526:v1.2.6.3
186526:v1.2.6.1
186526:v1.2.4.14
186526:v1.2.4.13
186526:v1.2.4.11
186526:v1.2.4.9
186526:v1.2.4.7
186526:v1.2.4.5
186526:v1.2.4.3
186526:v1.2.4.1
186526:v1.2.3.8
186526:v1.2.3.7
186526:v1.2.3.5
186526:v1.2.3.3
186526:v1.2.3.1
186526:v1.2.1.14
186526:v1.2.1.13
186526:v1.2.1.11
186526:v1.2.1.9
186526:v1.2.1.7
186526:v1.2.1.5
186526:v1.2.1.3
186526:v1.2.1.1
186526:v1.0.15.11
186526:v1.0.15.10
186526:v1.0.15.9
186526:v1.0.15.7
186526:v1.0.15.5
186526:v1.0.15.3
186526:v1.0.15.1
186526:v1.0.11.28
186526:v1.0.11.27
186526:v1.0.11.25
186526:v1.0.11.23
186526:v1.0.11.21
186526:v1.0.11.19
186526:v1.0.11.17
186526:v1.0.11.15
186526:v1.0.11.11
186526:v1.0.11.9
186526:v1.0.11.7
186526:v1.0.11.3
186526:v1.0.10.48
186526:v1.0.10.47
186526:v1.1.13.1
186526:v1.1.12.5
186526:v1.1.12.4
186526:v1.0.10.45
186526:v1.0.10.44
186526:v1.0.10.43
186526:v1.1.12.3
186526:v1.0.10.41
186526:v1.0.10.35
186526:v1.0.10.33
186526:v1.0.10.31
186526:v1.0.10.29
186526:v1.0.10.27
186526:v1.0.10.25
186526:v1.0.10.24
186526:v1.0.10.23
186526:v1.0.10.21
186526:v1.0.10.19
186526:v1.0.10.17
186526:v1.0.10.15
186526:v1.0.10.13
186526:v1.0.10.11
186526:v1.0.10.9
186526:v1.0.10.7
186526:v1.0.10.5
186526:v1.0.10.3
186526:v1.0.10.1
186526:v1.0.9.10
186526:v1.0.9.9
186526:v1.0.9.7
186526:v1.0.9.5
186526:v1.0.9.3
186526:v1.0.9.1
186526:v1.0.8.26
186526:v1.0.8.21
186526:v1.0.8.19
186526:v1.0.8.17
186526:v1.0.8.15
186526:v1.0.8.13
186526:v1.0.8.11
186526:v1.0.8.9
186526:v1.0.8.7
186526:v1.0.8.5
186526:v1.0.8.3
186526:v1.0.8.1
186526:v1.0.6.22
186526:v1.0.6.5
186526:v1.0.6.3
186526:v1.0.5.1
186526:v1.0.5.0
186526:v1.0.4.2
186526:v1.0.4.1
186526:v1.0.4.0
186526:v0.8.54.9
186526:v0.8.54.8
186526:v0.8.54.6
186526:v0.8.54.5
186526:v0.8.54.4
186526:v0.8.54.3
...
compare: 186526:master
Branches Tags
186526:master
186526:cve
186526:or-1253rc1
186526:ngx-http-redis
186526:1.21.4.x
186526:v24.2
186526:bump-1.21.4.2
186526:rel
186526:close_fd
186526:1.19.3.x
186526:1.17.8.x
186526:1.15.8.x
186526:nginx-1.13.8
186526:v1.25.3.1
186526:v1.21.4.3
186526:v1.21.4.2
186526:v1.21.4.2rc1
186526:v1.21.4.1
186526:v1.21.4.1rc3
186526:v1.21.4.1rc2
186526:v1.21.4.1rc1
186526:v1.19.9.1
186526:v1.19.9.1rc1
186526:v1.19.3.2
186526:v1.19.3.1
186526:v1.19.3.1rc1
186526:v1.19.3.1rc0
186526:v1.17.8.2
186526:v1.17.8.1
186526:v1.15.8.3
186526:v1.17.8.1rc1
186526:v1.15.8.2
186526:v1.15.8.1
186526:v1.15.8.1rc2
186526:v1.15.8.1rc1
186526:v1.13.6.2
186526:v1.13.6.1
186526:v1.11.2.5
186526:v1.11.2.4
186526:v1.11.2.3
186526:v1.11.2.2
186526:v1.11.2.1
186526:v1.9.15.1
186526:v1.9.7.5
186526:v1.9.7.4
186526:v1.9.7.3
186526:v1.9.7.2
186526:v1.9.7.1
186526:v1.9.3.2
186526:v1.9.3.1
186526:v1.9.3.1rc1
186526:v1.7.10.2
186526:v1.7.10.1
186526:v1.7.7.2
186526:v1.7.7.1
186526:v1.7.4.1
186526:v1.7.2.1
186526:v1.7.0.1
186526:v1.5.12.1
186526:v1.5.11.1
186526:v1.5.8.1
186526:v1.4.3.9
186526:v1.4.3.7
186526:v1.4.3.6
186526:v1.4.3.4
186526:v1.4.3.3
186526:v1.4.3.1
186526:v1.4.2.9
186526:v1.4.2.8
186526:v1.4.2.7
186526:v1.4.2.5
186526:v1.4.2.3
186526:v1.4.2.1
186526:v1.4.1.3
186526:v1.4.1.1
186526:v1.2.8.6
186526:v1.2.8.5
186526:v1.2.8.3
186526:v1.2.7.8
186526:v1.2.8.1
186526:v1.2.7.6
186526:v1.2.7.5
186526:v1.2.7.3
186526:v1.2.7.1
186526:v1.2.6.6
186526:v1.2.6.5
186526:v1.2.6.3
186526:v1.2.6.1
186526:v1.2.4.14
186526:v1.2.4.13
186526:v1.2.4.11
186526:v1.2.4.9
186526:v1.2.4.7
186526:v1.2.4.5
186526:v1.2.4.3
186526:v1.2.4.1
186526:v1.2.3.8
186526:v1.2.3.7
186526:v1.2.3.5
186526:v1.2.3.3
186526:v1.2.3.1
186526:v1.2.1.14
186526:v1.2.1.13
186526:v1.2.1.11
186526:v1.2.1.9
186526:v1.2.1.7
186526:v1.2.1.5
186526:v1.2.1.3
186526:v1.2.1.1
186526:v1.0.15.11
186526:v1.0.15.10
186526:v1.0.15.9
186526:v1.0.15.7
186526:v1.0.15.5
186526:v1.0.15.3
186526:v1.0.15.1
186526:v1.0.11.28
186526:v1.0.11.27
186526:v1.0.11.25
186526:v1.0.11.23
186526:v1.0.11.21
186526:v1.0.11.19
186526:v1.0.11.17
186526:v1.0.11.15
186526:v1.0.11.11
186526:v1.0.11.9
186526:v1.0.11.7
186526:v1.0.11.3
186526:v1.0.10.48
186526:v1.0.10.47
186526:v1.1.13.1
186526:v1.1.12.5
186526:v1.1.12.4
186526:v1.0.10.45
186526:v1.0.10.44
186526:v1.0.10.43
186526:v1.1.12.3
186526:v1.0.10.41
186526:v1.0.10.35
186526:v1.0.10.33
186526:v1.0.10.31
186526:v1.0.10.29
186526:v1.0.10.27
186526:v1.0.10.25
186526:v1.0.10.24
186526:v1.0.10.23
186526:v1.0.10.21
186526:v1.0.10.19
186526:v1.0.10.17
186526:v1.0.10.15
186526:v1.0.10.13
186526:v1.0.10.11
186526:v1.0.10.9
186526:v1.0.10.7
186526:v1.0.10.5
186526:v1.0.10.3
186526:v1.0.10.1
186526:v1.0.9.10
186526:v1.0.9.9
186526:v1.0.9.7
186526:v1.0.9.5
186526:v1.0.9.3
186526:v1.0.9.1
186526:v1.0.8.26
186526:v1.0.8.21
186526:v1.0.8.19
186526:v1.0.8.17
186526:v1.0.8.15
186526:v1.0.8.13
186526:v1.0.8.11
186526:v1.0.8.9
186526:v1.0.8.7
186526:v1.0.8.5
186526:v1.0.8.3
186526:v1.0.8.1
186526:v1.0.6.22
186526:v1.0.6.5
186526:v1.0.6.3
186526:v1.0.5.1
186526:v1.0.5.0
186526:v1.0.4.2
186526:v1.0.4.1
186526:v1.0.4.0
186526:v0.8.54.9
186526:v0.8.54.8
186526:v0.8.54.6
186526:v0.8.54.5
186526:v0.8.54.4
186526:v0.8.54.3

124 Commits
v1.19.3.1 ... master

Author SHA1 Message Date
lijunlong 9c9495b6f9
bugfix: backport fixes for CVE-2024-24989 and CVE-2024-24990. 2024-05-01 10:11:04 +08:00
lijunlong 7b7fcbe078
tests: fixed failed test introduced by commit ad33f56e91. 2024-01-13 10:16:10 +08:00
swananan 478d980900
changes: remove the pcre2 disable config. 2024-01-12 22:13:21 +08:00
Yichun Zhang (agentzh) ad33f56e91
change: Makefile: added new INSTALL variable that can be overridden from the make command line. 
Also fixed compatibility with Android Termux's install utility.
 2024-01-09 22:59:56 -08:00
Johnny Wang 8978f0426f
formal release 1.25.3.1. (#952) 2024-01-04 11:43:38 +08:00
ruoyidero a71e039a0d
updated the default index page and 50x error page. (#949) 2024-01-04 10:57:01 +08:00
Johnny Wang 8760b0af4a
win32: upgraded deps openssl to 1.1.1w and zlib to 1.3. (#950) 2023-12-31 10:02:42 +08:00
lijunlong 6fe9e3f7e6
feature: release openresty-1.25.3rc1. 
Co-authored-by: jiahao <wangjiahao@openresty.com>
 2023-12-29 16:14:01 +08:00
lijunlong aecf396061
feature: add patch for nginx-1.25.3. 2023-11-23 18:09:34 +08:00
lijunlong 348fcffc2b tests: update test expectation. 2023-10-27 18:23:24 +08:00
lijunlong 5196b0d9ac bumped headers-more-nginx-module to v0.35. 2023-10-27 10:45:32 +08:00
Johnny Wang 2f97ded92b
bugfix: applied the patch for secrity advisory to NGINX cores (CVE-2023-44487). (#931) 2023-10-18 15:00:46 +08:00
swananan d086dbcfc5
bugfix: make no_error_pages patch more accurate to ensure work properly on macOS. 2023-08-28 23:04:49 +08:00
swananan 6278b1aeae feature: upgrade nginx core to 1.25.1 which supports HTTP3. 2023-08-05 23:18:27 +08:00
Johnny Wang cf8c2f827e
change: dist-check: close nginx using PID file instead of killall. (#916) 2023-07-17 16:49:36 +08:00
lijunlong cd976f9286
bumped ngx_lua to 0.10.25, lua-resty-core to 0.1.27. 
bumped version to 1.21.4.2.
 2023-06-21 21:19:59 +08:00
Yichun Zhang (agentzh) dfbc003724 bugfix: dist-check: avoid killall nginx. 2023-04-17 10:24:06 -07:00
Johnny Wang a1730aba13
upgraded luajit2 to 2.1-20230410. (#903) 2023-04-14 17:02:57 +08:00
Yichun Zhang (agentzh) 055e86bff2 rc1 comes first. 2023-03-30 15:44:48 -07:00
Johnny Wang f8e47102b7
bumped ngx_lua to 0.10.24, ngx_stream_lua to 0.0.13, lua-resty-core to 0.1.26. (#898) 
* bumped lua-resty-upstream-healthcheck version to 0.08.

* tests: disable ipv6 for linux s390x.

* bumped version to 1.21.4.2.
 2023-03-23 18:23:03 +08:00
Yichun Zhang (agentzh) 0d32bd9bdb win32: upgraded deps openssl, zlib, and pcre. 2023-03-08 15:23:08 -08:00
Johnny Wang 9fcf59d7b2
bumped ngx_lua version to 0.10.23. (#897) 2023-03-08 15:10:14 +08:00
Johnny Wang 3c838ca999
upgraded ngx_lua to 0.10.23rc3. (#896) 2023-03-07 16:23:52 +08:00
Johnny Wang 222b48ab61
bumped version to 1.21.4.2rc1. (#895) 2023-03-07 12:25:28 +08:00
Yichun Zhang (agentzh) 3e4114a5f6 updated the default index page and 50x error page. 2023-03-04 13:39:35 -08:00
Johnny Wang 7a923b387d
upgraded ngx_lua to 0.10.23. (#890) 
* upgraded stream_ngx_lua to 0.0.12.
* upgraded srcache-nginx-module to 0.33.
* upgraded lua-resty-memcached to 0.17.
* upgraded lua-resty-mysql to 0.26.
* upgraded lua-resty-upload to 0.11.
* upgraded lua-resty-websocket to 0.10.
* upgraded lua-resty-core to 0.1.25.
 2023-02-16 11:10:23 +08:00
Johnny Wang d5c5ccbad2
upgraded ngx_lua to 0.10.23rc2. (#889) 
upgraded lua-resty-core to 0.1.25rc2.
 2023-02-09 11:23:08 +08:00
Johnny Wang 21eb0377ac
travis: upgraded OpenSSL to 1.1.1s. 2023-01-19 22:01:10 +08:00
jiahao 4e6a67922c
tests: fixed tests to reflect component version bumps for 1.21.4.2. 2023-01-19 17:56:23 +08:00
jiahao 6b8e60f250
upgraded luajit2 to 2.1-20230119. 2023-01-19 16:18:23 +08:00
jiahao 9c7427f75f
upgraded lua-resty-websocket to 0.10rc1. 2023-01-19 16:14:23 +08:00
jiahao 95f7d3297f
upgraded rds-json-nginx-module to 0.16. 2023-01-19 16:14:23 +08:00
jiahao b14716be04
upgraded ngx_devel_kit to 0.3.2. 2023-01-19 16:14:22 +08:00
jiahao acfb47448b
upgraded headers-more-nginx-module to 0.34. 2023-01-19 16:14:22 +08:00
jiahao 0eae2a784b
upgraded lua-nginx-module to 0.10.23rc1. 2023-01-19 16:14:22 +08:00
jiahao 05362687c2
upgraded resty-cli to 0.29. 2023-01-19 16:14:22 +08:00
jiahao 965ccfb230
upgraded lua-resty-mysql to 0.26rc1. 2023-01-19 16:14:19 +08:00
jiahao 56acc7b9c2
upgraded lua-resty-upload to 0.11rc1. 2023-01-19 16:13:58 +08:00
jiahao f5eaffb12a
upgraded lua-resty-memcached to 0.17rc1. 2023-01-19 16:13:54 +08:00
jiahao 86267fc022
upgraded echo-nginx-module to 0.63. 2023-01-19 11:37:20 +08:00
jiahao 90363486a5
upgraded drizzle-nginx-module to 0.1.12. 2023-01-19 11:36:32 +08:00
jiahao eaa41a295a
upgraded lua-resty-lrucache to 0.13. 2023-01-19 11:32:04 +08:00
jiahao adae554762
upgraded lua-cjson to 2.1.0.11. 2023-01-19 11:30:12 +08:00
jiahao 691cddfe90
upgraded srcache-nginx-module to 0.33rc1. 2023-01-19 11:26:49 +08:00
jiahao 3b626720b2
upgraded stream-lua-nginx-module to 0.0.12rc1. 2023-01-19 11:03:03 +08:00
jiahao 42e8796c67
upgraded lua-resty-core to 0.1.25rc1. 2023-01-19 11:01:12 +08:00
jiahao 7043c6b9b7
upgraded opm to 0.0.7. 2023-01-19 10:59:28 +08:00
jiahao 3aec27a4e8
upgraded lua-resty-lock to 0.09. 2023-01-19 10:54:22 +08:00
jiahao d1846b1c9d
upgraded lua-resty-upstream-healthcheck to 0.07. 2023-01-19 10:53:06 +08:00
jiahao 369f93ccbd
upgraded array-var-nginx-module to 0.06. 2023-01-19 10:47:50 +08:00
Josh Soref e7e21f9b40
Refresh check-spelling workflow (#865) 2022-09-23 20:41:48 +08:00
lijunlong 21c58ae1f5
bumped version to 1.21.4.2. (#863) 2022-09-15 20:09:17 +08:00
fesily 0d3f8f0a0b
bugfix:tarballs add privileged agent threadpool (#848) 2022-07-16 17:03:33 +08:00
fesily d0a77980eb
patches: add privileged agent thread pool (#847) 2022-07-13 23:34:54 +08:00
罗泽轩 47eb6f3962
style: add a way to check PR title automatically (#846) 
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
 2022-07-04 21:09:21 +08:00
Johnny Wang 546175e3c5
ci: upgraded OpenSSL to 1.1.1p. (#844) 
* win32/win64: upgraded openssl to 1.1.1p.
 2022-07-02 10:49:28 +08:00
lijunlong ae42a6bd86
upgrade nginx core to 1.23.0. (#839) 2022-06-27 15:17:19 +08:00
Johnny Wang 37fe0d4314
bumped version to 1.21.4.1. (#832) 2022-05-13 15:04:38 +08:00
Johnny Wang e699097b04
bumped version to 1.21.4.1rc3. (#828) 2022-04-14 18:25:19 +08:00
lijunlong 74d747d9b4
tests: 002-reuseport-close-unused-fds.t: the order of the logs generated by multiple processes is uncertain. (#827) 2022-04-12 23:25:45 +08:00
Johnny Wang 733ab1d043
win32/win64: upgrade zlib to 1.2.12. (#823) 2022-04-11 20:37:22 +08:00
Johnny Wang 4082fb0d1d
upgraded luajit to 2.1-20220411. (#826) 2022-04-11 17:20:43 +08:00
Johnny Wang fb254e1ff6
win32/win64: upgraded openssl to 1.1.1n. (#820) 2022-03-22 22:41:50 +08:00
jiahao 202d218840 bumped version to 1.21.4.1rc2. 2022-03-11 12:21:51 +08:00
jiahao 1b145ac3ca upgraded luajit to 2.1-20220310. 2022-03-10 17:26:14 +08:00
jiahao 5c9d9661c7 upgraded ngx_lua to 0.10.21rc2. 2022-03-02 14:57:46 +08:00
Artiom Vaskov 231eebec0b
tests: actually run testing on s390x. (#812) 
Signed-off-by: Artiom Vaskov <Artiom.Vaskov@ibm.com>
 2022-02-06 15:41:46 +08:00
lijunlong fa95e176fb
travis: added spelling check workflow. (#811) 2022-01-29 20:46:37 +08:00
Yichun Zhang (agentzh) f6b6f10fc0 win32/win64: upgraded openssl to 1.1.1m. 2022-01-26 12:00:54 -08:00
Johnny Wang e44c540725
tests: fixed tests to reflect LuaJIT version bumps. (#810) 2022-01-26 23:43:44 +08:00
Johnny Wang d84bf6756d
upgraded luajit to 2.1-20220111. (#806) 2022-01-11 23:42:38 +08:00
Johnny Wang a7142a8934
bugfix: fixed typo in no-pool patch of 1.21.4. (#799) 2021-12-22 12:09:58 +08:00
Johnny Wang f3a85d860f
upgraded ngx_lua to 0.10.21rc1, ngx_stream_lua to 0.0.11rc1, lua-resty-core to 0.1.23rc1, ... (#795) 
luajit to 2.1-20211210, lua-resty-websocket to 0.09rc1, lua-resty-redis to 0.30rc1, lua-resty-limit-traffic to 0.08rc1, lua-resty-mysql to 0.25rc1, set-misc-nginx-module to 0.33, encrypted-session-nginx-module to 0.09, lua-resty-string to 0.15, lua-cjson to 2.1.0.10rc1
 2021-12-11 09:19:56 +08:00
RocFang 0c2d10af40
bugfix: echoed the wrong message when applying ssl_client_hello_cb_yield.patch (#789) 2021-11-29 23:56:07 +08:00
Johnny Wang 7e1cf985cf
bugfix: check if the worker_connections is 0 before privileged agent spawning. (#786) 
The core dump may occur during initialization

    Program terminated with signal SIGSEGV, Segmentation fault.
    #0  0x0000000000441711 in ngx_event_process_init (cycle=0x1e93cc0) at src/event/ngx_event.c:807
    801         i = cycle->connection_n;
    802         next = NULL;
    803
    804         do {
    805             i--;
    806
    807             c[i].data = next;
    #1  0x000000000044abb9 in ngx_worker_process_init (cycle=cycle@entry=0x1e93cc0, worker=worker@entry=-1) at src/os/unix/ngx_process_cycle.c:968
 2021-11-09 14:23:33 +08:00
Johnny Wang 4a092bb740
travis-ci: updated ftp.pcre.org to sourceforge mirror to download pcre. (#784) 2021-11-05 22:47:25 +08:00
jiahao 6568f3f2f1 travis-ci: fixed warnings on .travis.yml. 2021-11-05 16:18:52 +08:00
jiahao 9781850623 travis-ci: remove unnecessary ones from the test matrix. 2021-11-05 15:05:00 +08:00
lijunlong 7df6239881 upgrade the nginx core to 1.21.4. 2021-11-05 11:59:23 +08:00
jiahao 72ca953bf2 mirror-tarballs: fixed the directory deletion errors. 2021-10-29 09:25:55 +08:00
Johnny Wang 5c7ad29352
upgrade the nginx core to 1.21.3. (#779) 2021-10-26 16:07:59 +08:00
Johnny Wang c2bf0b421c
travis-ci: upgrade dist of travis-ci to ubuntu bionic. (#778) 2021-10-16 14:34:50 +08:00
Zhefeng Chen 9fa420424a patches: added the nginx-1.19.9-ssl_client_hello_cb_yield patch. 2021-09-20 18:31:15 +08:00
Krishna Harsha Voora c7a3cfe57f travis-ci: enable ci test for ppc64le. 
This PR fixes issue #731
For every PR, an equivalent Travis job is triggered for ppc64le architecture.

Signed-off-by: Krishna Harsha Voora <krishvoor@in.ibm.com>
 2021-09-13 15:42:24 +08:00
Johnny Wang ab5a632278
win32: upgraded openssl to 1.1.1l. (#773) 2021-09-11 15:34:57 +08:00
Johnny Wang 1befa30baa
upgraded ngx_http_redis module to 0.3.9. (#754) 2021-08-13 14:01:00 +08:00
Yichun Zhang (agentzh) df4d005211 Merge branch 'v1.19.9.x' 2021-08-06 14:17:32 -07:00
Yichun Zhang (agentzh) 04ef2ec590 bumped version to 1.19.9.1. 2021-08-05 18:28:44 -07:00
John Bampton f39a584775 chore: fix spelling 2021-07-23 20:03:20 +08:00
wangyao c93ef77262
change: introduce a new patch for privileged agent process connections. (#751) 2021-07-19 18:34:46 +08:00
Yao Wang 174f72b95c feature: add config ability for privileged connections number. 2021-07-13 12:47:57 +08:00
jiahao ee23eb4a51 upgraded lua-resty-signal to 0.03. 2021-06-30 15:27:07 +08:00
jiahao 6aeb03501f upgraded lua-resty-core to 0.1.22. 2021-06-30 15:24:19 +08:00
jiahao 805df3d657 upgraded lua-resty-lrucache to 0.11. 2021-06-30 15:21:05 +08:00
jiahao 077b4dcef8 upgraded lua-resty-string to 0.14. 2021-06-30 15:17:37 +08:00
jiahao 4933c6f612 upgraded lua-resty-mysql to 0.24. 2021-06-30 15:15:50 +08:00
jiahao ca141a4b66 upgraded lua-resty-memcached to 0.16. 2021-06-30 15:06:23 +08:00
jiahao 13700cacb6 upgraded lua-resty-dns to 0.22. 2021-06-30 14:45:54 +08:00
jiahao 9d1eb80e1e upgraded opm to 0.0.6. 2021-06-30 14:43:37 +08:00
jiahao 826e7286e0 upgraded resty-cli to 0.28. 2021-06-30 14:39:36 +08:00
jiahao 4b99fd3c0e upgraded ngx_stream_lua to 0.0.10. 2021-06-30 14:36:42 +08:00
jiahao 66a8c85811 upgraded ngx_lua to 0.10.20. 2021-06-30 14:24:26 +08:00
Johnny Wang 46610182dd
travis-ci: upgraded OpenSSL to 1.1.1k. (#743) 2021-06-01 12:20:27 +08:00
Johnny Wang 4b5ec7edd7
bugfix: applied the patch for security advisory to NGINX cores >= 0.6.18 and <= 1.20.0 (CVE-2021-23017). (#739) 2021-05-28 10:25:01 +08:00
jiahao 42410a71cd upgraded ngx_stream_lua to 0.0.10rc2. 2021-05-12 10:58:38 +08:00
Johnny Wang fcac763f22
win32: upgraded openssl to 1.1.1k. (#730) 2021-05-11 23:07:37 +08:00
jiahao b3c6965092 upgraded LuaJIT to 2.1-20210510. 2021-05-10 14:31:22 +08:00
jiahao e51b659141 upgraded lua-tablepool to 0.02. 2021-05-07 23:29:20 +08:00
jiahao e06dd8ff32 upgraded lua-resty-signal to 0.03rc1. 2021-05-07 23:08:41 +08:00
jiahao c5c858bbca upgraded lua-resty-core to 0.1.22rc1. 2021-05-07 22:17:38 +08:00
jiahao 34645f7dc8 upgraded ngx_stream_lua to 0.0.10rc1. 2021-05-07 22:14:49 +08:00
jiahao 7586293fe7 upgraded ngx_lua to 0.10.20rc1. 2021-05-07 22:11:49 +08:00
jiahao 99d01cdc1c upgraded opm to 0.0.6rc1. 2021-05-07 19:34:02 +08:00
jiahao bd1b387c3d upgraded resty-cli to 0.28rc1. 2021-05-07 19:31:58 +08:00
jiahao 12db974fc0 upgraded lua-resty-dns to 0.22rc1. 2021-05-07 19:29:43 +08:00
jiahao 7d262c5c8d upgraded lua-resty-mysql to 0.24rc1. 2021-05-07 19:27:17 +08:00
jiahao b9a6f107e2 upgraded lua-resty-string to 0.14rc1. 2021-05-07 19:24:35 +08:00
jiahao 2be7ad590e upgraded lua-resty-lrucache to 0.11rc1. 2021-05-07 19:21:12 +08:00
Johnny Wang 6cd17e53fa
upgraded lua-resty-memcached to v0.16rc1. 2021-05-07 19:17:04 +08:00
John Bampton e0eb531243
doc: fixed misspelling. (#693) 2021-05-07 17:32:19 +08:00
Zhang Xiang 40104504e5
build-win32.sh: removed redundant configuration '--with-ipv6'. (#696) 2021-05-07 17:30:35 +08:00
Johnny Wang b4592301ad
tests: fixed tests to reflect nginx version bumps. (#718) 2021-04-01 18:25:47 +08:00
Johnny Wang 1562e11be5
upgraded the nginx core to 1.19.9. (#717) 2021-04-01 18:20:03 +08:00
Johnny Wang 3abb2c7fae
upgraded the nginx core to 1.19.8. (#715) 2021-03-29 12:36:42 +08:00
286 changed files with 23855 additions and 2390 deletions
Show Stats Expand all files Collapse all files

16
.github/actions/spelling/README.md vendored Normal file
View File

@ -0,0 +1,16 @@
# check-spelling/check-spelling configuration
File | Purpose | Format | Info
-|-|-|-
[dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary)
[allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow)
[reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject)
[excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes)
[only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only)
[patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
[line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
[expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect)
[advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice)
Note: you can replace any of these files with a directory by the same name (minus the suffix)
and then include multiple files inside that directory (with that suffix) to merge multiple files together.

25
.github/actions/spelling/advice.md vendored Normal file
View File

@ -0,0 +1,25 @@
<!-- See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice --> <!-- markdownlint-disable MD033 MD041 -->
<details><summary>If the flagged items are false positives</summary>
If items relate to a ...
* binary file (or some other file you wouldn't want to check at all).
Please add a file path to the `excludes.txt` file matching the containing file.
File paths are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files.
`^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](
../tree/HEAD/README.md) (on whichever branch you're using).
* well-formed pattern.
If you can write a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it,
try adding it to the `patterns.txt` file.
Patterns are Perl 5 Regular Expressions - you can [test](
https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines.
Note that patterns can't match multiline strings.
</details>

4
.github/actions/spelling/allow.txt vendored Normal file
View File

@ -0,0 +1,4 @@
github
https
ssh
ubuntu

458
.github/actions/spelling/candidate.patterns vendored Normal file
View File

@ -0,0 +1,458 @@
# marker to ignore all code on line
^.*/\* #no-spell-check-line \*/.*$
# marker for ignoring a comment to the end of the line
// #no-spell-check.*$
# patch hunk comments
^\@\@ -\d+(?:,\d+|) \+\d+(?:,\d+|) \@\@ .*
# git index header
index [0-9a-z]{7,40}\.\.[0-9a-z]{7,40}
# cid urls
(['"])cid:.*?\g{-1}
# data url in parens
\(data:[^)]*?(?:[A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})[^)]*\)
# data url in quotes
([`'"])data:.*?(?:[A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,}).*\g{-1}
# data url
data:[-a-zA-Z=;:/0-9+]*,\S*
# mailto urls
mailto:[-a-zA-Z=;:/?%&0-9+@.]{3,}
# magnet urls
magnet:[?=:\w]+
# obs:
"obs:[^"]*"
# The `\b` here means a break, it's the fancy way to handle urls, but it makes things harder to read
# In this examples content, I'm using a number of different ways to match things to show various approaches
# asciinema
\basciinema\.org/a/[0-9a-zA-Z]+
# apple
\bdeveloper\.apple\.com/[-\w?=/]+
# Apple music
\bembed\.music\.apple\.com/fr/playlist/usr-share/[-\w.]+
# appveyor api
\bci\.appveyor\.com/api/projects/status/[0-9a-z]+
# appveyor project
\bci\.appveyor\.com/project/(?:[^/\s"]*/){2}builds?/\d+/job/[0-9a-z]+
# Amazon
# Amazon
\bamazon\.com/[-\w]+/(?:dp/[0-9A-Z]+|)
# AWS S3
\b\w*\.s3[^.]*\.amazonaws\.com/[-\w/&#%_?:=]*
# AWS execute-api
\b[0-9a-z]{10}\.execute-api\.[-0-9a-z]+\.amazonaws\.com\b
# AWS ELB
\b\w+\.[-0-9a-z]+\.elb\.amazonaws\.com\b
# AWS SNS
\bsns\.[-0-9a-z]+.amazonaws\.com/[-\w/&#%_?:=]*
# While you could try to match `http://` and `https://` by using `s?` in `https?://`, sometimes there
# YouTube url
\b(?:(?:www\.|)youtube\.com|youtu.be)/(?:channel/|embed/|user/|playlist\?list=|watch\?v=|v/|)[-a-zA-Z0-9?&=_%]*
# YouTube music
\bmusic\.youtube\.com/youtubei/v1/browse(?:[?&]\w+=[-a-zA-Z0-9?&=_]*)
# YouTube tag
<\s*youtube\s+id=['"][-a-zA-Z0-9?_]*['"]
# YouTube image
\bimg\.youtube\.com/vi/[-a-zA-Z0-9?&=_]*
# Google Accounts
\baccounts.google.com/[-_/?=.:;+%&0-9a-zA-Z]*
# Google Analytics
\bgoogle-analytics\.com/collect.[-0-9a-zA-Z?%=&_.~]*
# Google APIs
\bgoogleapis\.(?:com|dev)/[a-z]+/(?:v\d+/|)[a-z]+/[-@:./?=\w]+
# Google Storage
\b[-a-zA-Z0-9.]*\bstorage\d*\.googleapis\.com(?:/\S*|)
# Google Calendar
\bcalendar\.google\.com/calendar(?:/u/\d+|)/embed\?src=[@./?=\w&%]+
\w+\@group\.calendar\.google\.com\b
# Google DataStudio
\bdatastudio\.google\.com/(?:(?:c/|)u/\d+/|)(?:embed/|)(?:open|reporting|datasources|s)/[-0-9a-zA-Z]+(?:/page/[-0-9a-zA-Z]+|)
# The leading `/` here is as opposed to the `\b` above
# ... a short way to match `https://` or `http://` since most urls have one of those prefixes
# Google Docs
/docs\.google\.com/[a-z]+/(?:ccc\?key=\w+|(?:u/\d+|d/(?:e/|)[0-9a-zA-Z_-]+/)?(?:edit\?[-\w=#.]*|/\?[\w=&]*|))
# Google Drive
\bdrive\.google\.com/(?:file/d/|open)[-0-9a-zA-Z_?=]*
# Google Groups
\bgroups\.google\.com/(?:(?:forum/#!|d/)(?:msg|topics?|searchin)|a)/[^/\s"]+/[-a-zA-Z0-9$]+(?:/[-a-zA-Z0-9]+)*
# Google Maps
\bmaps\.google\.com/maps\?[\w&;=]*
# Google themes
themes\.googleusercontent\.com/static/fonts/[^/\s"]+/v\d+/[^.]+.
# Google CDN
\bclients2\.google(?:usercontent|)\.com[-0-9a-zA-Z/.]*
# Goo.gl
/goo\.gl/[a-zA-Z0-9]+
# Google Chrome Store
\bchrome\.google\.com/webstore/detail/[-\w]*(?:/\w*|)
# Google Books
\bgoogle\.(?:\w{2,4})/books(?:/\w+)*\?[-\w\d=&#.]*
# Google Fonts
\bfonts\.(?:googleapis|gstatic)\.com/[-/?=:;+&0-9a-zA-Z]*
# Google Forms
\bforms\.gle/\w+
# Google Scholar
\bscholar\.google\.com/citations\?user=[A-Za-z0-9_]+
# Google Colab Research Drive
\bcolab\.research\.google\.com/drive/[-0-9a-zA-Z_?=]*
# GitHub SHAs (api)
\bapi.github\.com/repos(?:/[^/\s"]+){3}/[0-9a-f]+\b
# GitHub SHAs (markdown)
(?:\[`?[0-9a-f]+`?\]\(https:/|)/(?:www\.|)github\.com(?:/[^/\s"]+){2,}(?:/[^/\s")]+)(?:[0-9a-f]+(?:[-0-9a-zA-Z/#.]*|)\b|)
# GitHub SHAs
\bgithub\.com(?:/[^/\s"]+){2}[@#][0-9a-f]+\b
# GitHub wiki
\bgithub\.com/(?:[^/]+/){2}wiki/(?:(?:[^/]+/|)_history|[^/]+(?:/_compare|)/[0-9a-f.]{40,})\b
# githubusercontent
/[-a-z0-9]+\.githubusercontent\.com/[-a-zA-Z0-9?&=_\/.]*
# githubassets
\bgithubassets.com/[0-9a-f]+(?:[-/\w.]+)
# gist github
\bgist\.github\.com/[^/\s"]+/[0-9a-f]+
# git.io
\bgit\.io/[0-9a-zA-Z]+
# GitHub JSON
"node_id": "[-a-zA-Z=;:/0-9+]*"
# Contributor
\[[^\]]+\]\(https://github\.com/[^/\s"]+\)
# GHSA
GHSA(?:-[0-9a-z]{4}){3}
# GitLab commit
\bgitlab\.[^/\s"]*/\S+/\S+/commit/[0-9a-f]{7,16}#[0-9a-f]{40}\b
# GitLab merge requests
\bgitlab\.[^/\s"]*/\S+/\S+/-/merge_requests/\d+/diffs#[0-9a-f]{40}\b
# GitLab uploads
\bgitlab\.[^/\s"]*/uploads/[-a-zA-Z=;:/0-9+]*
# GitLab commits
\bgitlab\.[^/\s"]*/(?:[^/\s"]+/){2}commits?/[0-9a-f]+\b
# binanace
accounts.binance.com/[a-z/]*oauth/authorize\?[-0-9a-zA-Z&%]*
# bitbucket diff
\bapi\.bitbucket\.org/\d+\.\d+/repositories/(?:[^/\s"]+/){2}diff(?:stat|)(?:/[^/\s"]+){2}:[0-9a-f]+
# bitbucket repositories commits
\bapi\.bitbucket\.org/\d+\.\d+/repositories/(?:[^/\s"]+/){2}commits?/[0-9a-f]+
# bitbucket commits
\bbitbucket\.org/(?:[^/\s"]+/){2}commits?/[0-9a-f]+
# bit.ly
\bbit\.ly/\w+
# bitrise
\bapp\.bitrise\.io/app/[0-9a-f]*/[\w.?=&]*
# bootstrapcdn.com
\bbootstrapcdn\.com/[-./\w]+
# cdn.cloudflare.com
\bcdnjs\.cloudflare\.com/[./\w]+
# circleci
\bcircleci\.com/gh(?:/[^/\s"]+){1,5}.[a-z]+\?[-0-9a-zA-Z=&]+
# gitter
\bgitter\.im(?:/[^/\s"]+){2}\?at=[0-9a-f]+
# gravatar
\bgravatar\.com/avatar/[0-9a-f]+
# ibm
[a-z.]*ibm\.com/[-_#=:%!?~.\\/\d\w]*
# imgur
\bimgur\.com/[^.]+
# Internet Archive
\barchive\.org/web/\d+/(?:[-\w.?,'/\\+&%$#_:]*)
# discord
/discord(?:app\.com|\.gg)/(?:invite/)?[a-zA-Z0-9]{7,}
# Disqus
\bdisqus\.com/[-\w/%.()!?&=_]*
# medium link
\blink\.medium\.com/[a-zA-Z0-9]+
# medium
\bmedium\.com/\@?[^/\s"]+/[-\w]+
# microsoft
\b(?:https?://|)(?:(?:download\.visualstudio|docs|msdn2?|research)\.microsoft|blogs\.msdn)\.com/[-_a-zA-Z0-9()=./%]*
# powerbi
\bapp\.powerbi\.com/reportEmbed/[^"' ]*
# vs devops
\bvisualstudio.com(?::443|)/[-\w/?=%&.]*
# mvnrepository.com
\bmvnrepository\.com/[-0-9a-z./]+
# now.sh
/[0-9a-z-.]+\.now\.sh\b
# oracle
\bdocs\.oracle\.com/[-0-9a-zA-Z./_?#&=]*
# chromatic.com
/\S+.chromatic.com\S*[")]
# codacy
\bapi\.codacy\.com/project/badge/Grade/[0-9a-f]+
# compai
\bcompai\.pub/v1/png/[0-9a-f]+
# mailgun api
\.api\.mailgun\.net/v3/domains/[0-9a-z]+\.mailgun.org/messages/[0-9a-zA-Z=@]*
# mailgun
\b[0-9a-z]+.mailgun.org
# /message-id/
/message-id/[-\w@./%]+
# Reddit
\breddit\.com/r/[/\w_]*
# requestb.in
\brequestb\.in/[0-9a-z]+
# sched
\b[a-z0-9]+\.sched\.com\b
# Slack url
slack://[a-zA-Z0-9?&=]+
# Slack
\bslack\.com/[-0-9a-zA-Z/_~?&=.]*
# Slack edge
\bslack-edge\.com/[-a-zA-Z0-9?&=%./]+
# Slack images
\bslack-imgs\.com/[-a-zA-Z0-9?&=%.]+
# shields.io
\bshields\.io/[-\w/%?=&.:+;,]*
# stackexchange -- https://stackexchange.com/feeds/sites
\b(?:askubuntu|serverfault|stack(?:exchange|overflow)|superuser).com/(?:questions/\w+/[-\w]+|a/)
# Sentry
[0-9a-f]{32}\@o\d+\.ingest\.sentry\.io\b
# Twitter markdown
\[\@[^[/\]:]*?\]\(https://twitter.com/[^/\s"')]*(?:/status/\d+(?:\?[-_0-9a-zA-Z&=]*|)|)\)
# Twitter hashtag
\btwitter\.com/hashtag/[\w?_=&]*
# Twitter status
\btwitter\.com/[^/\s"')]*(?:/status/\d+(?:\?[-_0-9a-zA-Z&=]*|)|)
# Twitter profile images
\btwimg\.com/profile_images/[_\w./]*
# Twitter media
\btwimg\.com/media/[-_\w./?=]*
# Twitter link shortened
\bt\.co/\w+
# facebook
\bfburl\.com/[0-9a-z_]+
# facebook CDN
\bfbcdn\.net/[\w/.,]*
# facebook watch
\bfb\.watch/[0-9A-Za-z]+
# dropbox
\bdropbox\.com/s/[^/\s"]+/[-0-9A-Za-z_.%]+
# ipfs protocol
ipfs://[0-9a-z]*
# ipfs url
/ipfs/[0-9a-z]*
# w3
\bw3\.org/[-0-9a-zA-Z/#.]+
# loom
\bloom\.com/embed/[0-9a-f]+
# regex101
\bregex101\.com/r/[^/\s"]+/\d+
# figma
\bfigma\.com/file(?:/[0-9a-zA-Z]+/)+
# freecodecamp.org
\bfreecodecamp\.org/[-\w/.]+
# image.tmdb.org
\bimage\.tmdb\.org/[/\w.]+
# mermaid
\bmermaid\.ink/img/[-\w]+|\bmermaid-js\.github\.io/mermaid-live-editor/#/edit/[-\w]+
# gitweb
[^"\s]+/gitweb/\S+;h=[0-9a-f]+
# HyperKitty lists
/archives/list/[^@/]+\@[^/\s"]*/message/[^/\s"]*/
# lists
/thread\.html/[^"\s]+
# list-management
\blist-manage\.com/subscribe(?:[?&](?:u|id)=[0-9a-f]+)+
# kubectl.kubernetes.io/last-applied-configuration
"kubectl.kubernetes.io/last-applied-configuration": ".*"
# pgp
\bgnupg\.net/pks/lookup[?&=0-9a-zA-Z]*
# Spotify
\bopen\.spotify\.com/embed/playlist/\w+
# mastodon.social
\bmastodon\.social/(?:media/|\@)[?&=0-9a-zA-Z]*
# scastie
\bscastie\.scala-lang\.org/[^/]+/\w+
# images.unsplash.com
\bimages\.unsplash\.com/(?:(?:flagged|reserve)/|)[-\w./%?=%&.;]+
# pastebin
\bpastebin\.com/[\w/]+
# ANSI color codes
(?:\\(?:u00|x)1b|\x1b)\[\d+(?:;\d+|)m
# URL escaped characters
\%[0-9A-F][A-F]
# IPv6
\b(?:[0-9a-fA-F]{0,4}:){3,7}[0-9a-fA-F]{0,4}\b
# c99 hex digits (not the full format, just one I've seen)
0x[0-9a-fA-F](?:\.[0-9a-fA-F]*|)[pP]
# Punycode
\bxn--[-0-9a-z]+
# sha
sha\d+:[0-9]*[a-f]{3,}[0-9a-f]*
# sha-... -- uses a fancy capture
(['"]|&quot;)[0-9a-f]{40,}\g{-1}
# hex runs
\b[0-9a-fA-F]{16,}\b
# hex in url queries
=[0-9a-fA-F]*?(?:[A-F]{3,}|[a-f]{3,})[0-9a-fA-F]*?&
# ssh
(?:ssh-\S+|-nistp256) [-a-zA-Z=;:/0-9+]{12,}
# PGP
\b(?:[0-9A-F]{4} ){9}[0-9A-F]{4}\b
# uuid:
\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b
# hex digits including css/html color classes:
(?:[\\0][xX]|\\u|[uU]\+|#x?|\%23)[0-9_]*[a-fA-FgGrR]{2,}[0-9_a-fA-FgGrR]*(?:[uUlL]{0,3}|u\d+)\b
# integrity
integrity="sha\d+-[-a-zA-Z=;:/0-9+]{40,}"
# https://www.gnu.org/software/groff/manual/groff.html
# man troff content
\\f[BCIPR]
# '
\\\(aq
# .desktop mime types
^MimeTypes?=.*$
# .desktop localized entries
^[A-Z][a-z]+\[[a-z]+\]=.*$
# IServiceProvider
\bI(?=(?:[A-Z][a-z]{2,})+\b)
# crypt
"\$2[ayb]\$.{56}"
# Input to GitHub JSON
content: "[-a-zA-Z=;:/0-9+]*="
# Python stringprefix / binaryprefix
# Note that there's a high false positive rate, remove the `?=` and search for the regex to see if the matches seem like reasonable strings
(?<!')\b(?:B|BR|Br|F|FR|Fr|R|RB|RF|Rb|Rf|U|UR|Ur|b|bR|br|f|fR|fr|r|rB|rF|rb|rf|u|uR|ur)'(?:[A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})
# Regular expressions for (P|p)assword
\([A-Z]\|[a-z]\)[a-z]+
# JavaScript regular expressions
/.*/[gim]*\.test\(
\.replace\(/[^/\s"]*/[gim]*\s*,
# Go regular expressions
regexp?\.MustCompile\(`[^`]*`\)
# sed regular expressions
sed 's/(?:[^/]*?[a-zA-Z]{3,}[^/]*?/){2}
# kubernetes pod status lists
# https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
\w+(?:-\w+)+\s+\d+/\d+\s+(?:Running|Pending|Succeeded|Failed|Unknown)\s+
# kubectl - pods in CrashLoopBackOff
\w+-[0-9a-f]+-\w+\s+\d+/\d+\s+CrashLoopBackOff\s+
# kubernetes object suffix
-[0-9a-f]{10}-\w{5}\s
# posthog secrets
posthog\.init\((['"])phc_[^"',]+\g{-1},
# Update Lorem based on your content (requires `ge` and `w` from https://github.com/jsoref/spelling; and `review` from https://github.com/check-spelling/check-spelling/wiki/Looking-for-items-locally )
# grep '^[^#].*lorem' .github/actions/spelling/patterns.txt|perl -pne 's/.*i..\?://;s/\).*//' |tr '|' "\n"|sort -f |xargs -n1 ge|perl -pne 's/^[^:]*://'|sort -u|w|sed -e 's/ .*//'|w|review -
# Warning, while `(?i)` is very neat and fancy, if you have some binary files that aren't proper unicode, you might run into:
## Operation "substitution (s///)" returns its argument for non-Unicode code point 0x1C19AE (the code point will vary).
## You could manually change `(?i)X...` to use `[Xx]...`
## or you could add the files to your `excludes` file (a version after 0.0.19 should identify the file path)
# Lorem
(?:\w|\s|[,.])*\b(?i)(?:amet|consectetur|cursus|dolor|eros|ipsum|lacus|libero|ligula|lorem|magna|neque|nulla|suscipit|tempus)\b(?:\w|\s|[,.])*
# Non-English
[a-zA-Z]*[ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź][a-zA-Z]{3}[a-zA-ZÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź]*
# French
# This corpus only had capital letters, but you probably want lowercase ones as well.
\b[LN]'+[a-z]+\b
# latex
\\(?:n(?:ew|ormal)|r(?:enew)|t(?:able(?:of|)|he|itle))(?=[a-z]+)
# the negative lookahead here is to allow catching 'templatesz' as a misspelling
# but to otherwise recognize a Windows path with \templates\foo.template or similar:
\\(?:necessary|r(?:eport|esolve[dr]?|esult)|t(?:arget|emplates?))(?![a-z])
# ignore long runs of a single character:
\b([A-Za-z])\g{-1}{3,}\b
# Note that the next example is no longer necessary if you are using
# to match a string starting with a `#`, use a character-class:
[#]backwards
# version suffix <word>v#
(?:(?<=[A-Z]{2})V|(?<=[a-z]{2}|[A-Z]{2})v)\d+(?:\b|(?=[a-zA-Z_]))
# Compiler flags (Scala)
(?:^|[\t ,>"'`=(])-J-[DPWXY](?=[A-Z]{2,}|[A-Z][a-z]|[a-z]{2,})
# Compiler flags
(?:^|[\t ,"'`=(])-[DPWXYLlf](?=[A-Z]{2,}|[A-Z][a-z]|[a-z]{2,})
# Compiler flags (linker)
,-B
# curl arguments
\b(?:\\n|)curl(?:\s+-[a-zA-Z]{1,2}\b)*(?:\s+-[a-zA-Z]{3,})(?:\s+-[a-zA-Z]+)*
# set arguments
\bset(?:\s+-[abefimouxE]{1,2})*\s+-[abefimouxE]{3,}(?:\s+-[abefimouxE]+)*
# tar arguments
\b(?:\\n|)g?tar(?:\.exe|)(?:(?:\s+--[-a-zA-Z]+|\s+-[a-zA-Z]+|\s[ABGJMOPRSUWZacdfh-pr-xz]+\b)(?:=[^ ]*|))+
# tput arguments -- https://man7.org/linux/man-pages/man5/terminfo.5.html -- technically they can be more than 5 chars long...
\btput\s+(?:(?:-[SV]|-T\s*\w+)\s+)*\w{3,5}\b
# macOS temp folders
/var/folders/\w\w/[+\w]+/(?:T|-Caches-)/

59
.github/actions/spelling/excludes.txt vendored Normal file
View File

@ -0,0 +1,59 @@
# See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-excludes
(?:^|/)(?i)COPYRIGHT
(?:^|/)(?i)LICEN[CS]E
(?:^|/)go\.sum$
(?:^|/)package(?:-lock|)\.json$
(?:^|/)vendor/
ignore$
\.a$
\.ai$
\.avi$
\.bmp$
\.bz2$
\.crt$
\.dll$
\.docx?$
\.drawio$
\.DS_Store$
\.eot$
\.exe$
\.gif$
\.gitattributes$
\.graffle$
\.gz$
\.html$
\.icns$
\.ico$
\.jar$
\.jks$
\.jpe?g$
\.js$
\.key$
\.lib$
\.lock$
\.map$
\.min\..
\.mod$
\.mp[34]$
\.nav$
\.o$
\.ocf$
\.otf$
\.pdf$
\.pem$
\.png$
\.styl$
\.psd$
\.s$
\.svg$
\.tar$
\.tiff?$
\.ttf$
\.uve$
\.wav$
\.webm$
\.webp$
\.woff2?$
\.zip$
^\.github/
^\Q.github/workflows/spelling.yml\E$

51
.github/actions/spelling/expect.txt vendored Normal file
View File

@ -0,0 +1,51 @@
agentzh
COMPAT
csv
dav
dll
DLUAJIT
exe
flv
gcc
gmail
gunzip
gzip
html
http
imagename
imap
IOCP
ipv
jit
json
Linux
lua
luajit
Microsoft
mkdir
MSYS
nginx
ngx
NUMMODE
objs
openresty
openssl
pcre
perl
pid
preread
rds
README
realip
sbin
SETSIZE
smtp
ssl
tarballs
taskkill
tasklist
todo
toolchain
xcflags
Yichun
zlib

56
.github/actions/spelling/line_forbidden.patterns vendored Normal file
View File

@ -0,0 +1,56 @@
# reject `m_data` as there's a certain OS which has evil defines that break things if it's used elsewhere
# \bm_data\b
# If you have a framework that uses `it()` for testing and `fit()` for debugging a specific test,
# you might not want to check in code where you were debugging w/ `fit()`, in which case, you might want
# to use this:
#\bfit\(
# s.b. GitHub
\bGithub\b
# s.b. GitLab
\bGitlab\b
# s.b. JavaScript
\bJavascript\b
# s.b. Microsoft
\bMicroSoft\b
# s.b. another
\ban[- ]other\b
# s.b. greater than
\bgreater then\b
# s.b. into
\bin to\b
# s.b. less than
\bless then\b
# s.b. otherwise
\bother[- ]wise\b
# s.b. nonexistent
\bnon existing\b
\b[Nn]o[nt][- ]existent\b
# s.b. preexisting
[Pp]re-existing
# s.b. preempt
[Pp]re-empt\b
# s.b. preemptively
[Pp]re-emptively
# s.b. reentrancy
[Rr]e-entrancy
# s.b. reentrant
[Rr]e-entrant
# Reject duplicate words
\s([A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})\s\g{-1}\s

2
.github/actions/spelling/only.txt vendored Normal file
View File

@ -0,0 +1,2 @@
# See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-excludes
\.md$

18
.github/actions/spelling/patterns.txt vendored Normal file
View File

@ -0,0 +1,18 @@
# See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns
# acceptable duplicates
# ls directory listings
[-bcdlpsw](?:[-r][-w][-sx]){3}\s+\d+\s+(\S+)\s+\g{-1}\s+\d+\s+
# C types
\s(long|LONG) \g{-1}\s
# javadoc / .net
(?:[\\@](?:groupname|param)|(?:public|private)(?:\s+static|\s+readonly)*)\s+(\w+)\s+\g{-1}\s
# Commit message -- Signed-off-by and friends
^\s*(?:(?:Based-on-patch|Co-authored|Helped|Mentored|Reported|Reviewed|Signed-off)-by|Thanks-to): (?:[^<]*<[^>]*>|[^<]*)\s*$
# Autogenerated revert commit message
^This reverts commit [0-9a-f]{40}\.$
# ignore long runs of a single character:
\b([A-Za-z])\g{-1}{3,}\b

10
.github/actions/spelling/reject.txt vendored Normal file
View File

@ -0,0 +1,10 @@
^attache$
benefitting
occurences?
^dependan.*
^oer$
Sorce
^[Ss]pae.*
^untill$
^untilling$
^wether.*

18
.github/workflows/markdownlint.yml vendored Normal file
View File

@ -0,0 +1,18 @@
name: Linting on markdown files
on:
pull_request_target:
push:
jobs:
lint-content:
name: Lint content markdown files
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Lint markdown files
uses: avto-dev/markdown-lint@v1
with:
config: './.markdownlint.jsonc'
args: './content/**/*.md'

30
.github/workflows/semantic-pull-request.yml vendored Normal file
View File

@ -0,0 +1,30 @@
name: "Lint PR"
on:
pull_request_target:
types:
- opened
- edited
- synchronize
jobs:
main:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# Configure which types are allowed.
# Default: https://github.com/commitizen/conventional-commit-types
types: |
bugfix # bug fixes
change # backward incompatible changes
doc # documentation changes including code comments
editor # code editor related configurations
feature # implementing a new feature
optimize # performance optimizations
refactor # code refactoring and other code rearrangement
style # coding style changes
tests # test suite changes

96
.github/workflows/spelling.yml vendored Normal file
View File

@ -0,0 +1,96 @@
name: Spell checking
# Updating pull request branches is managed via comment handling.
# For details, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-expect-list
#
# These elements work together to make it happen:
#
# `on.issue_comment`
# This event listens to comments by users asking to update the metadata.
#
# `jobs.update`
# This job runs in response to an issue_comment and will push a new commit
# to update the spelling metadata.
#
# `with.experimental_apply_changes_via_bot`
# Tells the action to support and generate messages that enable it
# to make a commit to update the spelling metadata.
#
# `with.ssh_key`
# In order to trigger workflows when the commit is made, you can provide a
# secret (typically, a write-enabled github deploy key).
#
# For background, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-with-deploy-key
on:
push:
branches: ["**"]
tags-ignore: ["**"]
pull_request_target:
issue_comment:
types: [created]
jobs:
spelling:
name: Spell checking
permissions:
contents: read
pull-requests: read
actions: read
outputs:
followup: ${{ steps.spelling.outputs.followup }}
runs-on: ubuntu-latest
if: "contains(github.event_name, 'pull_request') || github.event_name == 'push'"
concurrency:
group: spelling-${{ github.event.pull_request.number || github.ref }}
# note: If you use only_check_changed_files, you do not want cancel-in-progress
cancel-in-progress: true
steps:
- name: check-spelling
id: spelling
uses: check-spelling/check-spelling@main
with:
suppress_push_for_open_pull_request: 1
checkout: true
post_comment: 0
experimental_apply_changes_via_bot: 1
extra_dictionaries:
cspell:filetypes/filetypes.txt
comment:
name: Report
runs-on: ubuntu-latest
needs: spelling
permissions:
contents: write
pull-requests: write
if: (success() || failure()) && needs.spelling.outputs.followup
steps:
- name: comment
uses: check-spelling/check-spelling@main
with:
checkout: true
task: ${{ needs.spelling.outputs.followup }}
experimental_apply_changes_via_bot: 1
update:
name: Update PR
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
if: ${{
github.event_name == 'issue_comment' &&
github.event.issue.pull_request &&
contains(github.event.comment.body, '@check-spelling-bot apply')
}}
concurrency:
group: spelling-update-${{ github.event.issue.number }}
cancel-in-progress: false
steps:
- name: apply spelling updates
uses: check-spelling/check-spelling@main
with:
experimental_apply_changes_via_bot: 1
checkout: true
ssh_key: "${{ secrets.CHECK_SPELLING }}"

85
.travis.yml
View File

@ -1,5 +1,8 @@
sudo: required
dist: xenial
dist: bionic
branches:
only:
- "master"
os: linux
@ -7,20 +10,18 @@ language: c
compiler:
- gcc
- clang
addons:
apt:
packages:
- axel
- dos2unix
- cpanminus
- libgd-dev
linux-s390x: &linux-s390x
_linux-s390x: &linux-s390x
os: linux
arch: s390x
dist: xenial
dist: bionic
compiler: gcc
addons:
apt:
@ -28,14 +29,15 @@ linux-s390x: &linux-s390x
packages:
- axel
- dos2unix
- cpanminus
- libgd-dev
- libpcre3
- libpcre3-dev
- mercurial
- libpq-dev
before_install:
- sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
install:
- sudo cpanm --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
- cpanm --sudo --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
- tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
- cd openssl-$OPENSSL_VER/
@ -47,8 +49,47 @@ linux-s390x: &linux-s390x
- sudo ln -s /usr/bin/make /usr/bin/gmake
script:
- util/mirror-tarballs > build.log 2>&1 || (cat build.log && exit 1)
- cd openresty-*
- ./configure --prefix=$OPENRESTY_PREFIX --with-cc-opt="-I$PCRE_INC -I$OPENSSL_INC" --with-ld-opt="-L$PCRE_LIB -L$OPENSSL_LIB -Wl,-rpath,$PCRE_LIB:$OPENSSL_LIB" --with-pcre-jit --with-http_ssl_module --with-debug -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- cd "openresty-$(./util/ver)"
- ./configure $ENABLE_HTTP3_OPTION --prefix=$OPENRESTY_PREFIX --with-cc-opt="-I$PCRE_INC -I$OPENSSL_INC" --with-ld-opt="-L$PCRE_LIB -L$OPENSSL_LIB -Wl,-rpath,$PCRE_LIB:$OPENSSL_LIB" --with-pcre-jit --with-http_ssl_module --with-debug -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- sudo make install > build.log 2>&1 || (cat build.log && exit 1)
- cd ..
- export PATH=$OPENRESTY_PREFIX/bin:$OPENRESTY_PREFIX/nginx/sbin:$PATH
- nginx -V
- ldd `which nginx`|grep -E 'luajit|ssl|pcre'
- prove -I. -r t/
_linux-ppc64le: &linux-ppc64le
os: linux
arch: ppc64le
dist: bionic
compiler: gcc
addons:
apt:
update: true
packages:
- axel
- dos2unix
- libgd-dev
- libpcre3
- libpcre3-dev
- mercurial
- libpq-dev
install:
- cpanm --sudo --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
- tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
- cd openssl-$OPENSSL_VER/
- patch -p1 < ../patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch
- ./config no-threads shared enable-ssl3 enable-ssl3-method -g --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat build.log && exit 1)
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1)
- cd ..
- sudo ln -s /usr/bin/make /usr/bin/gmake
script:
- util/mirror-tarballs > build.log 2>&1 || (cat build.log && exit 1)
- cd "openresty-$(./util/ver)"
- ./configure $ENABLE_HTTP3_OPTION --prefix=$OPENRESTY_PREFIX --with-cc-opt="-I$PCRE_INC -I$OPENSSL_INC" --with-ld-opt="-L$PCRE_LIB -L$OPENSSL_LIB -Wl,-rpath,$PCRE_LIB:$OPENSSL_LIB" --with-pcre-jit --with-http_ssl_module --with-debug -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- sudo make install > build.log 2>&1 || (cat build.log && exit 1)
- cd ..
@ -71,23 +112,19 @@ env:
- OPENSSL_LIB=$OPENSSL_PREFIX/lib
- OPENSSL_INC=$OPENSSL_PREFIX/include
- OPENRESTY_PREFIX=/opt/openresty
matrix:
- OPENSSL_VER=1.0.2u OPENSSL_PATCH_VER=1.0.2h
- OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d
- OPENSSL_VER=1.1.1f OPENSSL_PATCH_VER=1.1.1f
jobs:
- OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f ENABLE_HTTP3_OPTION=--with-http_v3_module
jobs:
include:
- <<: *linux-s390x
env: OPENSSL_VER=1.0.2u OPENSSL_PATCH_VER=1.0.2h
- <<: *linux-s390x
env: OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d
- <<: *linux-s390x
env: OPENSSL_VER=1.1.1f OPENSSL_PATCH_VER=1.1.1f
env: OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f ENABLE_HTTP3_OPTION=--with-http_v3_module
- <<: *linux-ppc64le
env: OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f ENABLE_HTTP3_OPTION=--with-http_v3_module
install:
- sudo cpanm --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
- if [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache https://ftp.pcre.org/pub/pcre/pcre-$PCRE_VER.tar.gz; fi
- cpanm --sudo --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
- if [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache https://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VER}/pcre-${PCRE_VER}.tar.gz; fi
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
- tar zxf download-cache/pcre-$PCRE_VER.tar.gz
- cd pcre-$PCRE_VER/
@ -106,12 +143,12 @@ install:
script:
- util/mirror-tarballs > build.log 2>&1 || (cat build.log && exit 1)
- cd openresty-*
- ./configure --prefix=$OPENRESTY_PREFIX --with-cc-opt="-I$PCRE_INC -I$OPENSSL_INC" --with-ld-opt="-L$PCRE_LIB -L$OPENSSL_LIB -Wl,-rpath,$PCRE_LIB:$OPENSSL_LIB" --with-pcre-jit --with-http_ssl_module --with-debug -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- cd "openresty-$(./util/ver)"
- ./configure $ENABLE_HTTP3_OPTION --prefix=$OPENRESTY_PREFIX --with-cc-opt="-I$PCRE_INC -I$OPENSSL_INC" --with-ld-opt="-L$PCRE_LIB -L$OPENSSL_LIB -Wl,-rpath,$PCRE_LIB:$OPENSSL_LIB" --with-pcre-jit --with-http_ssl_module --with-debug -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- sudo make install > build.log 2>&1 || (cat build.log && exit 1)
- cd ..
- export PATH=$OPENRESTY_PREFIX/bin:$OPENRESTY_PREFIX/nginx/sbin:$PATH
- nginx -V
- ldd `which nginx`|grep -E 'luajit|ssl|pcre'
- prove -r t/
- prove -I. -r t/

6
clients/js/openresty.js
View File

@ -142,10 +142,10 @@ $ClientP._post_by_form = function (url, content, args) {
reqId: reqId
};
_post_forms[reqId] = obj;
var submited = false;
var submitted = false;
// var onloadCount = 0;
obj.onload = function() {
if (!submited) return;
if (!submitted) return;
// alert('contentLoad ' + (++onloadCount) + ' times\n' + this);
@ -237,7 +237,7 @@ $ClientP._post_by_form = function (url, content, args) {
_ipt = null;
_form.submit();
submited = true;
submitted = true;
};
$ClientP.post = function (url) {

4
doc/LuaJIT-2.1/ext_ffi_api.pod
View File

@ -227,7 +227,7 @@ of an C<__index> table (if any) may be modified afterwards. The
associated metatable automatically applies to all uses of this type, no
matter how the objects are created or where they originate from. Note
that pre-defined operations on types have precedence (e.g. declared
field names cannot be overriden).
field names cannot be overridden).
All standard Lua metamethods are implemented. These are called
directly, without shortcuts and on any mix of types. For binary
@ -326,7 +326,7 @@ of the string is computed with C<strlen()>.
Otherwise C<ptr> is converted to a C<"void *"> and C<len> gives the
length of the data. The data may contain embedded zeros and need not be
byte-oriented (though this may cause endianess issues).
byte-oriented (though this may cause endianness issues).
This function is mainly useful to convert (temporary) C<"const char *">
pointers returned by C functions to Lua strings and store them or pass

2
doc/LuaJIT-2.1/ext_ffi_semantics.pod
View File

@ -847,7 +847,7 @@ through unions is explicitly detected and allowed.
=item * B<Constructor>: a ctype object can be called and used as a
constructor. This is equivalent to C<ffi.new(ct, ...)>, unless a
C<__new> metamethod is defined. The C<__new> metamethod is called with
the ctype object plus any other arguments passed to the contructor.
the ctype object plus any other arguments passed to the constructor.
Note that you have to use C<ffi.new> inside of it, since calling
C<ct(...)> would cause infinite recursion.

2
doc/LuaJIT-2.1/extensions.pod
View File

@ -158,7 +158,7 @@ also the C<-b> command line option.
The generated bytecode is portable and can be loaded on any
architecture that LuaJIT supports, independent of word size or
endianess. However the bytecode compatibility versions must match.
endianness. However the bytecode compatibility versions must match.
Bytecode stays compatible for dot releases (x.y.0 E<rarr> x.y.1), but
may change with major or minor releases (2.0 E<rarr> 2.1) or between
any beta release. Foreign bytecode (e.g. from Lua 5.1) is incompatible

6
doc/README-windows.md
View File

@ -94,7 +94,7 @@ recommended though).
Debugging
=========
Debug symbosl are enabled even in release builds. So that when things go very wrong,
Debug symbols are enabled even in release builds. So that when things go very wrong,
one can still debug things with tools like MSYS2 GDB.
Inclusion of debug symbols make the binary files (`.exe` and `.dll` files) much larger,
@ -123,7 +123,7 @@ TODO
package redistribution.
* Bundle StrawberryPerl to make command-line utilities like `resty` work out of the box (without
manually installing a Perl).
* Deliver an alternative Win32/Win64 binary package built with best debuggin capabilities (like enabling
* Deliver an alternative Win32/Win64 binary package built with best debugging capabilities (like enabling
NGINX debugging logs, disabling C compiler optimizations, and enabling all the assertions and checks).
[Back to TOC](#table-of-contents)
@ -136,7 +136,7 @@ side. But if you do, please read on.
The Win32/Win64 build of OpenResty is currently built via the MSYS2/MinGW toolchain, including
MinGW gcc 7.2.3, MSYS2 perl 5.24.4, MSYS2 bash, MSYS2 make, and etc. Basically, it is currently built via
the following cmmands:
the following commands:
```bash
PCRE=pcre-8.42

175
html/50x.html
View File

File diff suppressed because one or more lines are too long

179
html/index.html
View File

File diff suppressed because one or more lines are too long

73
patches/nginx-1.19.3-privileged_agent_process_connections.patch Normal file
View File

@ -0,0 +1,73 @@
diff --git a/src/core/nginx.c b/src/core/nginx.c
index 2e8b692..104d96e 100644
--- a/src/core/nginx.c
+++ b/src/core/nginx.c
@@ -1029,6 +1029,7 @@ ngx_core_module_create_conf(ngx_cycle_t *cycle)
ccf->daemon = NGX_CONF_UNSET;
ccf->master = NGX_CONF_UNSET;
ccf->privileged_agent = NGX_CONF_UNSET;
+ ccf->privileged_agent_connections = NGX_CONF_UNSET_UINT;
ccf->timer_resolution = NGX_CONF_UNSET_MSEC;
ccf->shutdown_timeout = NGX_CONF_UNSET_MSEC;
@@ -1059,6 +1060,7 @@ ngx_core_module_init_conf(ngx_cycle_t *cycle, void *conf)
ngx_conf_init_value(ccf->daemon, 1);
ngx_conf_init_value(ccf->master, 1);
ngx_conf_init_value(ccf->privileged_agent, 0);
+ ngx_conf_init_uint_value(ccf->privileged_agent_connections, 512);
ngx_conf_init_msec_value(ccf->timer_resolution, 0);
ngx_conf_init_msec_value(ccf->shutdown_timeout, 0);
diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h
index e9239ae..af9406e 100644
--- a/src/core/ngx_cycle.h
+++ b/src/core/ngx_cycle.h
@@ -92,6 +92,7 @@ typedef struct {
ngx_flag_t daemon;
ngx_flag_t master;
ngx_flag_t privileged_agent;
+ ngx_uint_t privileged_agent_connections;
ngx_msec_t timer_resolution;
ngx_msec_t shutdown_timeout;
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index b1eb322..8e03696 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -1208,6 +1208,7 @@ static void
ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data)
{
char *name = data;
+ ngx_core_conf_t *ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module);
/*
* Set correct process type since closing listening Unix domain socket
@@ -1219,7 +1220,7 @@ ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data)
ngx_close_listening_sockets(cycle);
/* Set a moderate number of connections for a helper process. */
- cycle->connection_n = 512;
+ cycle->connection_n = ccf->privileged_agent_connections;
ngx_worker_process_init(cycle, -1);
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index df25f9d..bd259c1 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -442,6 +442,15 @@
return;
}
+ /* 0 is an illegal value and may result in a core dump later */
+ if (ccf->privileged_agent_connections == 0) {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, 0,
+ "%ui worker_connection is not enough, "
+ "privileged agent process cannot be spawned",
+ ccf->privileged_agent_connections);
+ return;
+ }
+
ngx_spawn_process(cycle, ngx_privileged_agent_process_cycle,
"privileged agent process", "privileged agent process",
respawn ? NGX_PROCESS_JUST_RESPAWN : NGX_PROCESS_RESPAWN);

11
patches/nginx-1.19.8-always_enable_cc_feature_tests.patch Normal file
View File

@ -0,0 +1,11 @@
--- nginx-1.19.8/auto/cc/conf 2015-10-30 22:47:50.000000000 +0800
+++ nginx-1.19.8-patched/auto/cc/conf 2015-11-02 12:23:05.385156987 +0800
@@ -136,7 +136,7 @@ fi
CFLAGS="$CFLAGS $NGX_CC_OPT"
NGX_TEST_LD_OPT="$NGX_LD_OPT"
-if [ "$NGX_PLATFORM" != win32 ]; then
+if [ 1 ]; then
if test -n "$NGX_LD_OPT"; then
ngx_feature=--with-ld-opt=\"$NGX_LD_OPT\"

72
patches/nginx-1.19.8-balancer_status_code.patch Normal file
View File

@ -0,0 +1,72 @@
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index f8d5707d..6efe0047 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -1515,6 +1515,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
return;
}
+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
+ ngx_http_upstream_finalize_request(r, u, rc);
+ return;
+ }
+
u->state->peer = u->peer.name;
if (rc == NGX_BUSY) {
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index 3e714e5b..dfbb25e0 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -427,4 +427,9 @@ extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[];
extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[];
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 09d24593..d8b4b584 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -27,6 +27,7 @@ typedef struct ngx_stream_session_s ngx_stream_session_t;
#define NGX_STREAM_OK 200
+#define NGX_STREAM_SPECIAL_RESPONSE 300
#define NGX_STREAM_BAD_REQUEST 400
#define NGX_STREAM_FORBIDDEN 403
#define NGX_STREAM_INTERNAL_SERVER_ERROR 500
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 818d7329..329dcdc6 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -691,6 +691,11 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
return;
}
+ if (rc >= NGX_STREAM_SPECIAL_RESPONSE) {
+ ngx_stream_proxy_finalize(s, rc);
+ return;
+ }
+
u->state->peer = u->peer.name;
if (rc == NGX_BUSY) {
diff --git a/src/stream/ngx_stream_upstream.h b/src/stream/ngx_stream_upstream.h
index 73947f46..21bc0ad7 100644
--- a/src/stream/ngx_stream_upstream.h
+++ b/src/stream/ngx_stream_upstream.h
@@ -151,4 +151,9 @@ ngx_stream_upstream_srv_conf_t *ngx_stream_upstream_add(ngx_conf_t *cf,
extern ngx_module_t ngx_stream_upstream_module;
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_STREAM_UPSTREAM_H_INCLUDED_ */

13
patches/nginx-1.19.8-builtin_error_page_footer.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 64e5acd..f5374f6 100644
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -26,7 +26,7 @@ static u_char ngx_http_error_full_tail[] =
static u_char ngx_http_error_tail[] =
-"<hr><center>nginx</center>" CRLF
+"<hr><center>openresty</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;

19
patches/nginx-1.19.8-cache_manager_exit.patch Normal file
View File

@ -0,0 +1,19 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1383598130 28800
# Node ID f64218e1ac963337d84092536f588b8e0d99bbaa
# Parent dea321e5c0216efccbb23e84bbce7cf3e28f130c
Cache: gracefully exit the cache manager process.
diff -r dea321e5c021 -r f64218e1ac96 src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c Thu Oct 31 18:23:49 2013 +0400
+++ b/src/os/unix/ngx_process_cycle.c Mon Nov 04 12:48:50 2013 -0800
@@ -1335,7 +1335,7 @@
if (ngx_terminate || ngx_quit) {
ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
- exit(0);
+ ngx_worker_process_exit(cycle);
}
if (ngx_reopen) {

12
patches/nginx-1.19.8-daemon_destroy_pool.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c
index ab672110..f259af31 100644
--- a/src/os/unix/ngx_daemon.c
+++ b/src/os/unix/ngx_daemon.c
@@ -23,6 +23,8 @@ ngx_daemon(ngx_log_t *log)
break;
default:
+ /* just to make it ASAN or Valgrind clean */
+ ngx_destroy_pool(ngx_cycle->pool);
exit(0);
}

98
patches/nginx-1.19.8-delayed_posted_events.patch Normal file
View File

@ -0,0 +1,98 @@
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
index 57af8132..4853945f 100644
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -196,6 +196,9 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
ngx_uint_t flags;
ngx_msec_t timer, delta;
+ ngx_queue_t *q;
+ ngx_event_t *ev;
+
if (ngx_timer_resolution) {
timer = NGX_TIMER_INFINITE;
flags = 0;
@@ -215,6 +218,13 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
#endif
}
+ if (!ngx_queue_empty(&ngx_posted_delayed_events)) {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "posted delayed event queue not empty"
+ " making poll timeout 0");
+ timer = 0;
+ }
+
if (ngx_use_accept_mutex) {
if (ngx_accept_disabled > 0) {
ngx_accept_disabled--;
@@ -257,6 +267,35 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
}
ngx_event_process_posted(cycle, &ngx_posted_events);
+
+ while (!ngx_queue_empty(&ngx_posted_delayed_events)) {
+ q = ngx_queue_head(&ngx_posted_delayed_events);
+
+ ev = ngx_queue_data(q, ngx_event_t, queue);
+ if (ev->delayed) {
+ /* start of newly inserted nodes */
+ for (/* void */;
+ q != ngx_queue_sentinel(&ngx_posted_delayed_events);
+ q = ngx_queue_next(q))
+ {
+ ev = ngx_queue_data(q, ngx_event_t, queue);
+ ev->delayed = 0;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "skipping delayed posted event %p,"
+ " till next iteration", ev);
+ }
+
+ break;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "delayed posted event %p", ev);
+
+ ngx_delete_posted_event(ev);
+
+ ev->handler(ev);
+ }
}
@@ -600,6 +639,7 @@ ngx_event_process_init(ngx_cycle_t *cycle)
ngx_queue_init(&ngx_posted_accept_events);
ngx_queue_init(&ngx_posted_events);
+ ngx_queue_init(&ngx_posted_delayed_events);
if (ngx_event_timer_init(cycle->log) == NGX_ERROR) {
return NGX_ERROR;
diff --git a/src/event/ngx_event_posted.c b/src/event/ngx_event_posted.c
index d851f3d1..b6cea009 100644
--- a/src/event/ngx_event_posted.c
+++ b/src/event/ngx_event_posted.c
@@ -12,6 +12,7 @@
ngx_queue_t ngx_posted_accept_events;
ngx_queue_t ngx_posted_events;
+ngx_queue_t ngx_posted_delayed_events;
void
diff --git a/src/event/ngx_event_posted.h b/src/event/ngx_event_posted.h
index 145d30fe..6c388553 100644
--- a/src/event/ngx_event_posted.h
+++ b/src/event/ngx_event_posted.h
@@ -43,6 +43,9 @@ void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted);
extern ngx_queue_t ngx_posted_accept_events;
extern ngx_queue_t ngx_posted_events;
+extern ngx_queue_t ngx_posted_delayed_events;
+
+#define HAVE_POSTED_DELAYED_EVENTS_PATCH
#endif /* _NGX_EVENT_POSTED_H_INCLUDED_ */

20
patches/nginx-1.19.8-hash_overflow.patch Normal file
View File

@ -0,0 +1,20 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1412276417 25200
# Thu Oct 02 12:00:17 2014 -0700
# Node ID 4032b992f23b054c1a2cfb0be879330d2c6708e5
# Parent 1ff0f68d9376e3d184d65814a6372856bf65cfcd
Hash: buffer overflow might happen when exceeding the pre-configured limits.
diff -r 1ff0f68d9376 -r 4032b992f23b src/core/ngx_hash.c
--- a/src/core/ngx_hash.c Tue Sep 30 15:50:28 2014 -0700
+++ b/src/core/ngx_hash.c Thu Oct 02 12:00:17 2014 -0700
@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t *hinit, ng
continue;
}
+ size--;
+
ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
"could not build optimal %s, you should increase "
"either %s_max_size: %i or %s_bucket_size: %i; "

59
patches/nginx-1.19.8-init_cycle_pool_release.patch Normal file
View File

@ -0,0 +1,59 @@
diff -rup nginx-1.19.8/src/core/nginx.c nginx-1.19.8-patched/src/core/nginx.c
--- nginx-1.19.8/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800
+++ nginx-1.19.8-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800
@@ -186,6 +186,7 @@ static u_char *ngx_prefix;
static u_char *ngx_conf_file;
static u_char *ngx_conf_params;
static char *ngx_signal;
+ngx_pool_t *saved_init_cycle_pool = NULL;
static char **ngx_os_environ;
@@ -253,6 +254,8 @@ main(int argc, char *const *argv)
return 1;
}
+ saved_init_cycle_pool = init_cycle.pool;
+
if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) {
return 1;
}
diff -rup nginx-1.19.8/src/core/ngx_core.h nginx-1.19.8-patched/src/core/ngx_core.h
--- nginx-1.19.8/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700
+++ nginx-1.19.8-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800
@@ -108,4 +108,6 @@ void ngx_cpuinfo(void);
#define NGX_DISABLE_SYMLINKS_NOTOWNER 2
#endif
+extern ngx_pool_t *saved_init_cycle_pool;
+
#endif /* _NGX_CORE_H_INCLUDED_ */
diff -rup nginx-1.19.8/src/core/ngx_cycle.c nginx-1.19.8-patched/src/core/ngx_cycle.c
--- nginx-1.19.8/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700
+++ nginx-1.19.8-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800
@@ -748,6 +748,10 @@ old_shm_zone_done:
if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) {
+ if (ngx_is_init_cycle(old_cycle)) {
+ saved_init_cycle_pool = NULL;
+ }
+
ngx_destroy_pool(old_cycle->pool);
cycle->old_cycle = NULL;
diff -rup nginx-1.19.8/src/os/unix/ngx_process_cycle.c nginx-1.19.8-patched/src/os/unix/ngx_process_cycle.c
--- nginx-1.19.8/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800
+++ nginx-1.19.8-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800
@@ -783,6 +783,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc
ngx_exit_cycle.files_n = ngx_cycle->files_n;
ngx_cycle = &ngx_exit_cycle;
+ if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) {
+ ngx_destroy_pool(saved_init_cycle_pool);
+ saved_init_cycle_pool = NULL;
+ }
+
ngx_destroy_pool(cycle->pool);
exit(0);

60
patches/nginx-1.19.8-intercept_error_log.patch Normal file
View File

@ -0,0 +1,60 @@
diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h
index c51b7ff..4c335b9 100644
--- a/src/core/ngx_cycle.h
+++ b/src/core/ngx_cycle.h
@@ -22,9 +22,14 @@
#define NGX_DEBUG_POINTS_ABORT 2
+#define HAVE_INTERCEPT_ERROR_LOG_PATCH
+
+
typedef struct ngx_shm_zone_s ngx_shm_zone_t;
typedef ngx_int_t (*ngx_shm_zone_init_pt) (ngx_shm_zone_t *zone, void *data);
+typedef ngx_int_t (*ngx_log_intercept_pt) (ngx_log_t *log, ngx_uint_t level,
+ u_char *buf, size_t len);
struct ngx_shm_zone_s {
void *data;
@@ -75,6 +80,10 @@ struct ngx_cycle_s {
ngx_str_t prefix;
ngx_str_t lock_file;
ngx_str_t hostname;
+
+ ngx_log_intercept_pt intercept_error_log_handler;
+ void *intercept_error_log_data;
+ unsigned entered_logger; /* :1 */
};
diff --git a/src/core/ngx_log.c b/src/core/ngx_log.c
index 8e9408d..ed9b11b 100644
--- a/src/core/ngx_log.c
+++ b/src/core/ngx_log.c
@@ -112,6 +112,8 @@ ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
ngx_uint_t wrote_stderr, debug_connection;
u_char errstr[NGX_MAX_ERROR_STR];
+ ngx_log_intercept_pt log_intercept = NULL;
+
last = errstr + NGX_MAX_ERROR_STR;
p = ngx_cpymem(errstr, ngx_cached_err_log_time.data,
@@ -153,6 +155,16 @@ ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
p = last - NGX_LINEFEED_SIZE;
}
+ if (ngx_cycle) {
+ log_intercept = ngx_cycle->intercept_error_log_handler;
+ }
+
+ if (log_intercept && !ngx_cycle->entered_logger) {
+ ngx_cycle->entered_logger = 1;
+ log_intercept(log, level, errstr, p - errstr);
+ ngx_cycle->entered_logger = 0;
+ }
+
ngx_linefeed(p);
wrote_stderr = 0;

13
patches/nginx-1.19.8-larger_max_error_str.patch Normal file
View File

@ -0,0 +1,13 @@
--- nginx-1.19.8/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700
+++ nginx-1.19.8-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800
@@ -64,7 +64,9 @@ struct ngx_log_s {
};
-#define NGX_MAX_ERROR_STR 2048
+#ifndef NGX_MAX_ERROR_STR
+#define NGX_MAX_ERROR_STR 4096
+#endif
/*********************************/

117
patches/nginx-1.19.8-log_escape_non_ascii.patch Normal file
View File

@ -0,0 +1,117 @@
diff --git a/src/http/modules/ngx_http_log_module.c b/src/http/modules/ngx_http_log_module.c
index 917ed55f..b769dfd3 100644
--- a/src/http/modules/ngx_http_log_module.c
+++ b/src/http/modules/ngx_http_log_module.c
@@ -79,6 +79,8 @@ typedef struct {
time_t open_file_cache_valid;
ngx_uint_t open_file_cache_min_uses;
+ ngx_flag_t escape_non_ascii;
+
ngx_uint_t off; /* unsigned off:1 */
} ngx_http_log_loc_conf_t;
@@ -131,7 +133,8 @@ static size_t ngx_http_log_variable_getlen(ngx_http_request_t *r,
uintptr_t data);
static u_char *ngx_http_log_variable(ngx_http_request_t *r, u_char *buf,
ngx_http_log_op_t *op);
-static uintptr_t ngx_http_log_escape(u_char *dst, u_char *src, size_t size);
+static uintptr_t ngx_http_log_escape(ngx_http_log_loc_conf_t *lcf, u_char *dst,
+ u_char *src, size_t size);
static size_t ngx_http_log_json_variable_getlen(ngx_http_request_t *r,
uintptr_t data);
static u_char *ngx_http_log_json_variable(ngx_http_request_t *r, u_char *buf,
@@ -177,6 +180,13 @@ static ngx_command_t ngx_http_log_commands[] = {
0,
NULL },
+ { ngx_string("log_escape_non_ascii"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_log_loc_conf_t, escape_non_ascii),
+ NULL },
+
ngx_null_command
};
@@ -935,6 +945,7 @@ static size_t
ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data)
{
uintptr_t len;
+ ngx_http_log_loc_conf_t *lcf;
ngx_http_variable_value_t *value;
value = ngx_http_get_indexed_variable(r, data);
@@ -943,7 +954,9 @@ ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data)
return 1;
}
- len = ngx_http_log_escape(NULL, value->data, value->len);
+ lcf = ngx_http_get_module_loc_conf(r, ngx_http_log_module);
+
+ len = ngx_http_log_escape(lcf, NULL, value->data, value->len);
value->escape = len ? 1 : 0;
@@ -954,6 +967,7 @@ ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data)
static u_char *
ngx_http_log_variable(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op)
{
+ ngx_http_log_loc_conf_t *lcf;
ngx_http_variable_value_t *value;
value = ngx_http_get_indexed_variable(r, op->data);
@@ -967,16 +981,18 @@ ngx_http_log_variable(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op)
return ngx_cpymem(buf, value->data, value->len);
} else {
- return (u_char *) ngx_http_log_escape(buf, value->data, value->len);
+ lcf = ngx_http_get_module_loc_conf(r, ngx_http_log_module);
+ return (u_char *) ngx_http_log_escape(lcf, buf, value->data, value->len);
}
}
static uintptr_t
-ngx_http_log_escape(u_char *dst, u_char *src, size_t size)
+ngx_http_log_escape(ngx_http_log_loc_conf_t *lcf, u_char *dst, u_char *src,
+ size_t size)
{
- ngx_uint_t n;
- static u_char hex[] = "0123456789ABCDEF";
+ ngx_uint_t n;
+ static u_char hex[] = "0123456789ABCDEF";
static uint32_t escape[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
@@ -996,6 +1012,12 @@ ngx_http_log_escape(u_char *dst, u_char *src, size_t size)
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};
+ if (lcf->escape_non_ascii) {
+ ngx_memset(&escape[4], 0xff, sizeof(uint32_t) * 4);
+
+ } else {
+ ngx_memzero(&escape[4], sizeof(uint32_t) * 4);
+ }
if (dst == NULL) {
@@ -1120,6 +1142,7 @@ ngx_http_log_create_loc_conf(ngx_conf_t *cf)
}
conf->open_file_cache = NGX_CONF_UNSET_PTR;
+ conf->escape_non_ascii = NGX_CONF_UNSET;
return conf;
}
@@ -1135,6 +1158,8 @@ ngx_http_log_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_http_log_fmt_t *fmt;
ngx_http_log_main_conf_t *lmcf;
+ ngx_conf_merge_value(conf->escape_non_ascii, prev->escape_non_ascii, 1);
+
if (conf->open_file_cache == NGX_CONF_UNSET_PTR) {
conf->open_file_cache = prev->open_file_cache;

36
patches/nginx-1.19.8-no_Werror.patch Normal file
View File

@ -0,0 +1,36 @@
diff -urp nginx-1.19.8/auto/cc/clang nginx-1.19.8-patched/auto/cc/clang
--- nginx-1.19.8/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800
+++ nginx-1.19.8-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700
@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali
CFLAGS="$CFLAGS -Wno-unused-parameter"
# stop on warning
-CFLAGS="$CFLAGS -Werror"
+#CFLAGS="$CFLAGS -Werror"
# debug
CFLAGS="$CFLAGS -g"
diff -urp nginx-1.19.8/auto/cc/gcc nginx-1.19.8-patched/auto/cc/gcc
--- nginx-1.19.8/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800
+++ nginx-1.19.8-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700
@@ -168,7 +168,7 @@ esac
# stop on warning
-CFLAGS="$CFLAGS -Werror"
+#CFLAGS="$CFLAGS -Werror"
# debug
CFLAGS="$CFLAGS -g"
diff -urp nginx-1.19.8/auto/cc/icc nginx-1.19.8-patched/auto/cc/icc
--- nginx-1.19.8/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800
+++ nginx-1.19.8-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700
@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in
esac
# stop on warning
-CFLAGS="$CFLAGS -Werror"
+#CFLAGS="$CFLAGS -Werror"
# debug
CFLAGS="$CFLAGS -g"

91
patches/nginx-1.19.8-no_error_pages.patch Normal file
View File

@ -0,0 +1,91 @@
diff -upr nginx-1.19.8/src/http/ngx_http_core_module.c nginx-1.19.8-patched/src/http/ngx_http_core_module.c
--- nginx-1.19.8/src/http/ngx_http_core_module.c 2017-08-31 18:14:41.000000000 -0700
+++ nginx-1.19.8-patched/src/http/ngx_http_core_module.c 2017-08-31 18:21:31.638098196 -0700
@@ -61,6 +61,8 @@ static char *ngx_http_core_directio(ngx_
void *conf);
static char *ngx_http_core_error_page(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+static char *ngx_http_core_no_error_pages(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
static char *ngx_http_core_open_file_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_core_error_log(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -647,6 +649,14 @@ static ngx_command_t ngx_http_core_comm
0,
NULL },
+ { ngx_string("no_error_pages"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
+ |NGX_CONF_NOARGS,
+ ngx_http_core_no_error_pages,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
{ ngx_string("post_action"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
|NGX_CONF_TAKE1,
@@ -3334,7 +3344,6 @@ ngx_http_core_create_loc_conf(ngx_conf_t
* clcf->types = NULL;
* clcf->default_type = { 0, NULL };
* clcf->error_log = NULL;
- * clcf->error_pages = NULL;
* clcf->client_body_path = NULL;
* clcf->regex = NULL;
* clcf->exact_match = 0;
@@ -3344,6 +3353,7 @@ ngx_http_core_create_loc_conf(ngx_conf_t
* clcf->keepalive_disable = 0;
*/
+ clcf->error_pages = NGX_CONF_UNSET_PTR;
clcf->client_max_body_size = NGX_CONF_UNSET;
clcf->client_body_buffer_size = NGX_CONF_UNSET_SIZE;
clcf->client_body_timeout = NGX_CONF_UNSET_MSEC;
@@ -3543,9 +3553,7 @@ ngx_http_core_merge_loc_conf(ngx_conf_t
}
}
- if (conf->error_pages == NULL && prev->error_pages) {
- conf->error_pages = prev->error_pages;
- }
+ ngx_conf_merge_ptr_value(conf->error_pages, prev->error_pages, NULL);
ngx_conf_merge_str_value(conf->default_type,
prev->default_type, "text/plain");
@@ -4553,6 +4561,10 @@ ngx_http_core_error_page(ngx_conf_t *cf,
ngx_http_compile_complex_value_t ccv;
if (clcf->error_pages == NULL) {
+ return "conflicts with \"no_error_pages\"";
+ }
+
+ if (clcf->error_pages == NGX_CONF_UNSET_PTR) {
clcf->error_pages = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_err_page_t));
if (clcf->error_pages == NULL) {
@@ -4655,6 +4667,25 @@ ngx_http_core_error_page(ngx_conf_t *cf,
return NGX_CONF_OK;
}
+
+
+static char *
+ngx_http_core_no_error_pages(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_core_loc_conf_t *clcf = conf;
+
+ if (clcf->error_pages == NULL) {
+ return "is duplicate";
+ }
+
+ if (clcf->error_pages != NGX_CONF_UNSET_PTR) {
+ return "conflicts with \"error_page\"";
+ }
+
+ clcf->error_pages = NULL;
+
+ return NGX_CONF_OK;
+}
static char *

587
patches/nginx-1.19.8-no_pool.patch Normal file
View File

@ -0,0 +1,587 @@
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.8/src/core/nginx.h nginx-1.19.8-patched/src/core/nginx.h
--- nginx-1.19.8/src/core/nginx.h 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.8-patched/src/core/nginx.h 2016-04-21 16:25:07.452944624 -0700
@@ -10,7 +10,7 @@
#define nginx_version 1019008
#define NGINX_VERSION "1.19.8"
-#define NGINX_VER "openresty/" NGINX_VERSION ".unknown"
+#define NGINX_VER "openresty/" NGINX_VERSION ".unknown (no pool)"
#ifdef NGX_BUILD
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.8/src/core/ngx_array.c nginx-1.19.8-patched/src/core/ngx_array.c
--- nginx-1.19.8/src/core/ngx_array.c 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.8-patched/src/core/ngx_array.c 2016-04-21 16:25:07.453947190 -0700
@@ -30,26 +30,30 @@ ngx_array_create(ngx_pool_t *p, ngx_uint
void
ngx_array_destroy(ngx_array_t *a)
{
- ngx_pool_t *p;
+ ngx_pool_t *p;
+ ngx_array_link_t *link;
p = a->pool;
- if ((u_char *) a->elts + a->size * a->nalloc == p->d.last) {
- p->d.last -= a->size * a->nalloc;
+ if (a->elts) {
+ ngx_pfree(p, a->elts);
}
- if ((u_char *) a + sizeof(ngx_array_t) == p->d.last) {
- p->d.last = (u_char *) a;
+ for (link = a->old_elts; link; link = link->next) {
+ ngx_pfree(p, link->elts);
}
+
+ ngx_pfree(p, a);
}
void *
ngx_array_push(ngx_array_t *a)
{
- void *elt, *new;
- size_t size;
- ngx_pool_t *p;
+ void *elt, *new;
+ size_t size;
+ ngx_pool_t *p;
+ ngx_array_link_t *link;
if (a->nelts == a->nalloc) {
@@ -59,29 +63,27 @@ ngx_array_push(ngx_array_t *a)
p = a->pool;
- if ((u_char *) a->elts + size == p->d.last
- && p->d.last + a->size <= p->d.end)
- {
- /*
- * the array allocation is the last in the pool
- * and there is space for new allocation
- */
-
- p->d.last += a->size;
- a->nalloc++;
+ /* allocate a new array */
- } else {
- /* allocate a new array */
+ new = ngx_palloc(p, 2 * size);
+ if (new == NULL) {
+ return NULL;
+ }
- new = ngx_palloc(p, 2 * size);
- if (new == NULL) {
- return NULL;
- }
+ ngx_memcpy(new, a->elts, size);
- ngx_memcpy(new, a->elts, size);
- a->elts = new;
- a->nalloc *= 2;
+ link = ngx_palloc(p, sizeof(ngx_array_link_t));
+ if (link == NULL) {
+ ngx_pfree(p, new);
+ return NULL;
}
+
+ link->next = a->old_elts;
+ link->elts = a->elts;
+ a->old_elts = link;
+
+ a->elts = new;
+ a->nalloc *= 2;
}
elt = (u_char *) a->elts + a->size * a->nelts;
@@ -95,11 +97,10 @@ void *
ngx_array_push_n(ngx_array_t *a, ngx_uint_t n)
{
void *elt, *new;
- size_t size;
ngx_uint_t nalloc;
ngx_pool_t *p;
- size = n * a->size;
+ ngx_array_link_t *link;
if (a->nelts + n > a->nalloc) {
@@ -107,31 +108,27 @@ ngx_array_push_n(ngx_array_t *a, ngx_uin
p = a->pool;
- if ((u_char *) a->elts + a->size * a->nalloc == p->d.last
- && p->d.last + size <= p->d.end)
- {
- /*
- * the array allocation is the last in the pool
- * and there is space for new allocation
- */
+ nalloc = 2 * ((n >= a->nalloc) ? n : a->nalloc);
- p->d.last += size;
- a->nalloc += n;
+ new = ngx_palloc(p, nalloc * a->size);
+ if (new == NULL) {
+ return NULL;
+ }
- } else {
- /* allocate a new array */
+ ngx_memcpy(new, a->elts, a->nelts * a->size);
- nalloc = 2 * ((n >= a->nalloc) ? n : a->nalloc);
+ link = ngx_palloc(p, sizeof(ngx_array_link_t));
+ if (link == NULL) {
+ ngx_pfree(p, new);
+ return NULL;
+ }
- new = ngx_palloc(p, nalloc * a->size);
- if (new == NULL) {
- return NULL;
- }
+ link->next = a->old_elts;
+ link->elts = a->elts;
+ a->old_elts = link;
- ngx_memcpy(new, a->elts, a->nelts * a->size);
- a->elts = new;
- a->nalloc = nalloc;
- }
+ a->elts = new;
+ a->nalloc = nalloc;
}
elt = (u_char *) a->elts + a->size * a->nelts;
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.8/src/core/ngx_array.h nginx-1.19.8-patched/src/core/ngx_array.h
--- nginx-1.19.8/src/core/ngx_array.h 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.8-patched/src/core/ngx_array.h 2016-04-21 16:25:07.453947190 -0700
@@ -13,12 +13,23 @@
#include <ngx_core.h>
+typedef struct ngx_array_link_s ngx_array_link_t;
+
+
+struct ngx_array_link_s {
+ void *elts;
+ ngx_array_link_t *next;
+};
+
+
typedef struct {
void *elts;
ngx_uint_t nelts;
size_t size;
ngx_uint_t nalloc;
ngx_pool_t *pool;
+
+ ngx_array_link_t *old_elts;
} ngx_array_t;
@@ -40,6 +51,7 @@ ngx_array_init(ngx_array_t *array, ngx_p
array->size = size;
array->nalloc = n;
array->pool = pool;
+ array->old_elts = NULL;
array->elts = ngx_palloc(pool, n * size);
if (array->elts == NULL) {
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.8/src/core/ngx_palloc.c nginx-1.19.8-patched/src/core/ngx_palloc.c
--- nginx-1.19.8/src/core/ngx_palloc.c 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.8-patched/src/core/ngx_palloc.c 2016-04-21 16:25:45.912282685 -0700
@@ -9,34 +9,26 @@
#include <ngx_core.h>
-static ngx_inline void *ngx_palloc_small(ngx_pool_t *pool, size_t size,
- ngx_uint_t align);
-static void *ngx_palloc_block(ngx_pool_t *pool, size_t size);
-static void *ngx_palloc_large(ngx_pool_t *pool, size_t size);
+static void * ngx_malloc(ngx_pool_t *pool, size_t size);
ngx_pool_t *
ngx_create_pool(size_t size, ngx_log_t *log)
{
- ngx_pool_t *p;
+ ngx_pool_t *p;
- p = ngx_memalign(NGX_POOL_ALIGNMENT, size, log);
+ size = sizeof(ngx_pool_t);
+ p = ngx_alloc(size, log);
if (p == NULL) {
return NULL;
}
- p->d.last = (u_char *) p + sizeof(ngx_pool_t);
- p->d.end = (u_char *) p + size;
- p->d.next = NULL;
- p->d.failed = 0;
+ ngx_memzero(p, size);
size = size - sizeof(ngx_pool_t);
p->max = (size < NGX_MAX_ALLOC_FROM_POOL) ? size : NGX_MAX_ALLOC_FROM_POOL;
p->current = p;
- p->chain = NULL;
- p->large = NULL;
- p->cleanup = NULL;
p->log = log;
return p;
@@ -46,8 +38,7 @@ ngx_create_pool(size_t size, ngx_log_t *
void
ngx_destroy_pool(ngx_pool_t *pool)
{
- ngx_pool_t *p, *n;
- ngx_pool_large_t *l;
+ ngx_pool_data_t *d, *n;
ngx_pool_cleanup_t *c;
for (c = pool->cleanup; c; c = c->next) {
@@ -58,6 +49,11 @@ ngx_destroy_pool(ngx_pool_t *pool)
}
}
+ if (pool->d == NULL) {
+ ngx_free(pool);
+ return;
+ }
+
#if (NGX_DEBUG)
/*
@@ -65,13 +61,9 @@ ngx_destroy_pool(ngx_pool_t *pool)
* so we cannot use this log while free()ing the pool
*/
- for (l = pool->large; l; l = l->next) {
- ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, pool->log, 0, "free: %p", l->alloc);
- }
-
- for (p = pool, n = pool->d.next; /* void */; p = n, n = n->d.next) {
+ for (d = pool->d, n = d->next; ; d = n, n = n->next) {
ngx_log_debug2(NGX_LOG_DEBUG_ALLOC, pool->log, 0,
- "free: %p, unused: %uz", p, p->d.end - p->d.last);
+ "free: %p, unused: %d", d, 0);
if (n == NULL) {
break;
@@ -80,171 +72,82 @@ ngx_destroy_pool(ngx_pool_t *pool)
#endif
- for (l = pool->large; l; l = l->next) {
- if (l->alloc) {
- ngx_free(l->alloc);
- }
- }
-
- for (p = pool, n = pool->d.next; /* void */; p = n, n = n->d.next) {
- ngx_free(p);
+ for (d = pool->d, n = d->next; ; d = n, n = n->next) {
+ ngx_free(d->alloc);
+ ngx_free(d);
if (n == NULL) {
break;
}
}
+
+ pool->d = NULL;
+ ngx_free(pool);
}
void
ngx_reset_pool(ngx_pool_t *pool)
{
- ngx_pool_t *p;
- ngx_pool_large_t *l;
+ ngx_pool_data_t *d, *n;
+ ngx_pool_data_t *saved = NULL;
- for (l = pool->large; l; l = l->next) {
- if (l->alloc) {
- ngx_free(l->alloc);
+ if (pool->d) {
+ for (d = pool->d, n = d->next; ; d = n, n = n->next) {
+ if (d->alloc == pool->log) {
+ saved = d;
+ continue;
+ }
+
+ ngx_free(d->alloc);
+ ngx_free(d);
+
+ if (n == NULL) {
+ break;
+ }
}
- }
- for (p = pool; p; p = p->d.next) {
- p->d.last = (u_char *) p + sizeof(ngx_pool_t);
- p->d.failed = 0;
+ pool->d = saved;
+ pool->current = pool;
+ pool->chain = NULL;
}
-
- pool->current = pool;
- pool->chain = NULL;
- pool->large = NULL;
}
void *
ngx_palloc(ngx_pool_t *pool, size_t size)
{
-#if !(NGX_DEBUG_PALLOC)
- if (size <= pool->max) {
- return ngx_palloc_small(pool, size, 1);
- }
-#endif
-
- return ngx_palloc_large(pool, size);
+ return ngx_malloc(pool, size);
}
void *
ngx_pnalloc(ngx_pool_t *pool, size_t size)
{
-#if !(NGX_DEBUG_PALLOC)
- if (size <= pool->max) {
- return ngx_palloc_small(pool, size, 0);
- }
-#endif
-
- return ngx_palloc_large(pool, size);
-}
-
-
-static ngx_inline void *
-ngx_palloc_small(ngx_pool_t *pool, size_t size, ngx_uint_t align)
-{
- u_char *m;
- ngx_pool_t *p;
-
- p = pool->current;
-
- do {
- m = p->d.last;
-
- if (align) {
- m = ngx_align_ptr(m, NGX_ALIGNMENT);
- }
-
- if ((size_t) (p->d.end - m) >= size) {
- p->d.last = m + size;
-
- return m;
- }
-
- p = p->d.next;
-
- } while (p);
-
- return ngx_palloc_block(pool, size);
-}
-
-
-static void *
-ngx_palloc_block(ngx_pool_t *pool, size_t size)
-{
- u_char *m;
- size_t psize;
- ngx_pool_t *p, *new;
-
- psize = (size_t) (pool->d.end - (u_char *) pool);
-
- m = ngx_memalign(NGX_POOL_ALIGNMENT, psize, pool->log);
- if (m == NULL) {
- return NULL;
- }
-
- new = (ngx_pool_t *) m;
-
- new->d.end = m + psize;
- new->d.next = NULL;
- new->d.failed = 0;
-
- m += sizeof(ngx_pool_data_t);
- m = ngx_align_ptr(m, NGX_ALIGNMENT);
- new->d.last = m + size;
-
- for (p = pool->current; p->d.next; p = p->d.next) {
- if (p->d.failed++ > 4) {
- pool->current = p->d.next;
- }
- }
-
- p->d.next = new;
-
- return m;
+ return ngx_malloc(pool, size);
}
static void *
-ngx_palloc_large(ngx_pool_t *pool, size_t size)
+ngx_malloc(ngx_pool_t *pool, size_t size)
{
- void *p;
- ngx_uint_t n;
- ngx_pool_large_t *large;
+ void *p;
+ ngx_pool_data_t *d;
p = ngx_alloc(size, pool->log);
if (p == NULL) {
return NULL;
}
- n = 0;
-
- for (large = pool->large; large; large = large->next) {
- if (large->alloc == NULL) {
- large->alloc = p;
- return p;
- }
-
- if (n++ > 3) {
- break;
- }
- }
-
- large = ngx_palloc_small(pool, sizeof(ngx_pool_large_t), 1);
- if (large == NULL) {
+ d = ngx_alloc(sizeof(ngx_pool_data_t), pool->log);
+ if (d == NULL){
ngx_free(p);
return NULL;
}
- large->alloc = p;
- large->next = pool->large;
- pool->large = large;
-
+ d->alloc = p;
+ d->next = pool->d;
+ pool->d = d;
return p;
}
@@ -253,38 +156,48 @@ void *
ngx_pmemalign(ngx_pool_t *pool, size_t size, size_t alignment)
{
void *p;
- ngx_pool_large_t *large;
+ ngx_pool_data_t *d;
p = ngx_memalign(alignment, size, pool->log);
if (p == NULL) {
return NULL;
}
- large = ngx_palloc_small(pool, sizeof(ngx_pool_large_t), 1);
- if (large == NULL) {
+ d = ngx_alloc(sizeof(ngx_pool_data_t), pool->log);
+ if (d == NULL){
ngx_free(p);
return NULL;
}
- large->alloc = p;
- large->next = pool->large;
- pool->large = large;
-
+ d->alloc = p;
+ d->next = pool->d;
+ pool->d = d;
return p;
}
ngx_int_t
-ngx_pfree(ngx_pool_t *pool, void *p)
+ngx_pfree(ngx_pool_t *pool, void *data)
{
- ngx_pool_large_t *l;
+ ngx_pool_data_t *p, *d;
- for (l = pool->large; l; l = l->next) {
- if (p == l->alloc) {
- ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, pool->log, 0,
- "free: %p", l->alloc);
- ngx_free(l->alloc);
- l->alloc = NULL;
+ p = NULL;
+ for (d = pool->d; d; p = d, d = d->next) {
+ if (data == d->alloc) {
+
+ ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, pool->log, 0, "free: %p", d->alloc);
+
+ ngx_free(d->alloc);
+ d->alloc = NULL;
+
+ if (p) {
+ p->next = d->next;
+
+ } else {
+ pool->d = d->next;
+ }
+
+ ngx_free(d);
return NGX_OK;
}
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.8/src/core/ngx_palloc.h nginx-1.19.8-patched/src/core/ngx_palloc.h
--- nginx-1.19.8/src/core/ngx_palloc.h 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.8-patched/src/core/ngx_palloc.h 2016-04-21 16:25:07.454949755 -0700
@@ -38,28 +38,21 @@ struct ngx_pool_cleanup_s {
};
-typedef struct ngx_pool_large_s ngx_pool_large_t;
-
-struct ngx_pool_large_s {
- ngx_pool_large_t *next;
- void *alloc;
-};
+typedef struct ngx_pool_data_s ngx_pool_large_t;
+typedef struct ngx_pool_data_s ngx_pool_data_t;
-typedef struct {
- u_char *last;
- u_char *end;
- ngx_pool_t *next;
- ngx_uint_t failed;
-} ngx_pool_data_t;
+struct ngx_pool_data_s {
+ ngx_pool_data_t *next;
+ void *alloc;
+};
struct ngx_pool_s {
- ngx_pool_data_t d;
+ ngx_pool_data_t *d;
size_t max;
ngx_pool_t *current;
ngx_chain_t *chain;
- ngx_pool_large_t *large;
ngx_pool_cleanup_t *cleanup;
ngx_log_t *log;
};

26
patches/nginx-1.19.8-pcre_conf_opt.patch Normal file
View File

@ -0,0 +1,26 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1386694955 28800
# Node ID 9ba6b149669f1f02eeb4cdc0ebd364a949b5c469
# Parent 30e806b8636af5fd3f03ec17df24801f390f7511
Configure: added new option --with-pcre-conf-opt=OPTIONS.
diff -r 30e806b8636a -r 9ba6b149669f auto/options
--- a/auto/options Mon Dec 09 10:16:44 2013 +0400
+++ b/auto/options Tue Dec 10 09:02:35 2013 -0800
@@ -286,6 +286,7 @@
--with-pcre) USE_PCRE=YES ;;
--with-pcre=*) PCRE="$value" ;;
--with-pcre-opt=*) PCRE_OPT="$value" ;;
+ --with-pcre-conf-opt=*) PCRE_CONF_OPT="$value" ;;
--with-pcre-jit) PCRE_JIT=YES ;;
--with-openssl=*) OPENSSL="$value" ;;
@@ -441,6 +442,7 @@
--with-pcre force PCRE library usage
--with-pcre=DIR set path to PCRE library sources
--with-pcre-opt=OPTIONS set additional build options for PCRE
+ --with-pcre-conf-opt=OPTIONS set additional configure options for PCRE
--with-pcre-jit build PCRE with JIT compilation support
--with-md5=DIR set path to md5 library sources

211
patches/nginx-1.19.8-privileged_agent_process.patch Normal file
View File

@ -0,0 +1,211 @@
diff --git a/src/core/nginx.c b/src/core/nginx.c
index 60f8fe7..4bd244b 100644
--- a/src/core/nginx.c
+++ b/src/core/nginx.c
@@ -981,6 +981,7 @@ ngx_core_module_create_conf(ngx_cycle_t *cycle)
ccf->daemon = NGX_CONF_UNSET;
ccf->master = NGX_CONF_UNSET;
+ ccf->privileged_agent = NGX_CONF_UNSET;
ccf->timer_resolution = NGX_CONF_UNSET_MSEC;
ccf->worker_processes = NGX_CONF_UNSET;
@@ -1009,6 +1010,7 @@ ngx_core_module_init_conf(ngx_cycle_t *cycle, void *conf)
ngx_conf_init_value(ccf->daemon, 1);
ngx_conf_init_value(ccf->master, 1);
+ ngx_conf_init_value(ccf->privileged_agent, 0);
ngx_conf_init_msec_value(ccf->timer_resolution, 0);
ngx_conf_init_value(ccf->worker_processes, 1);
diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h
index c51b7ff..3261f90 100644
--- a/src/core/ngx_cycle.h
+++ b/src/core/ngx_cycle.h
@@ -22,6 +22,9 @@
#define NGX_DEBUG_POINTS_ABORT 2
+#define HAVE_PRIVILEGED_PROCESS_PATCH 1
+
+
typedef struct ngx_shm_zone_s ngx_shm_zone_t;
typedef ngx_int_t (*ngx_shm_zone_init_pt) (ngx_shm_zone_t *zone, void *data);
@@ -81,6 +84,7 @@ struct ngx_cycle_s {
typedef struct {
ngx_flag_t daemon;
ngx_flag_t master;
+ ngx_flag_t privileged_agent;
ngx_msec_t timer_resolution;
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index 7cee1c5..c4f70d6 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -15,6 +15,8 @@ static void ngx_start_worker_processes(ngx_cycle_t *cycle, ngx_int_t n,
ngx_int_t type);
static void ngx_start_cache_manager_processes(ngx_cycle_t *cycle,
ngx_uint_t respawn);
+static void ngx_start_privileged_agent_processes(ngx_cycle_t *cycle,
+ ngx_uint_t respawn);
static void ngx_pass_open_channel(ngx_cycle_t *cycle, ngx_channel_t *ch);
static void ngx_signal_worker_processes(ngx_cycle_t *cycle, int signo);
static ngx_uint_t ngx_reap_children(ngx_cycle_t *cycle);
@@ -24,6 +26,7 @@ static void ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker);
static void ngx_worker_process_exit(ngx_cycle_t *cycle);
static void ngx_channel_handler(ngx_event_t *ev);
static void ngx_cache_manager_process_cycle(ngx_cycle_t *cycle, void *data);
+static void ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data);
static void ngx_cache_manager_process_handler(ngx_event_t *ev);
static void ngx_cache_loader_process_handler(ngx_event_t *ev);
@@ -51,6 +54,8 @@ sig_atomic_t ngx_noaccept;
ngx_uint_t ngx_noaccepting;
ngx_uint_t ngx_restart;
+ngx_uint_t ngx_is_privileged_agent;
+
static u_char master_process[] = "master process";
@@ -130,6 +135,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_RESPAWN);
ngx_start_cache_manager_processes(cycle, 0);
+ ngx_start_privileged_agent_processes(cycle, 0);
ngx_new_binary = 0;
delay = 0;
@@ -224,6 +230,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_RESPAWN);
ngx_start_cache_manager_processes(cycle, 0);
+ ngx_start_privileged_agent_processes(cycle, 0);
ngx_noaccepting = 0;
continue;
@@ -243,6 +250,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_JUST_RESPAWN);
ngx_start_cache_manager_processes(cycle, 1);
+ ngx_start_privileged_agent_processes(cycle, 1);
/* allow new processes to start */
ngx_msleep(100);
@@ -257,6 +265,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_RESPAWN);
ngx_start_cache_manager_processes(cycle, 0);
+ ngx_start_privileged_agent_processes(cycle, 0);
live = 1;
}
@@ -424,6 +433,34 @@ ngx_start_cache_manager_processes(ngx_cycle_t *cycle, ngx_uint_t respawn)
static void
+ngx_start_privileged_agent_processes(ngx_cycle_t *cycle, ngx_uint_t respawn)
+{
+ ngx_channel_t ch;
+ ngx_core_conf_t *ccf;
+
+ ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx,
+ ngx_core_module);
+
+ if (!ccf->privileged_agent) {
+ return;
+ }
+
+ ngx_spawn_process(cycle, ngx_privileged_agent_process_cycle,
+ "privileged agent process", "privileged agent process",
+ respawn ? NGX_PROCESS_JUST_RESPAWN : NGX_PROCESS_RESPAWN);
+
+ ngx_memzero(&ch, sizeof(ngx_channel_t));
+
+ ch.command = NGX_CMD_OPEN_CHANNEL;
+ ch.pid = ngx_processes[ngx_process_slot].pid;
+ ch.slot = ngx_process_slot;
+ ch.fd = ngx_processes[ngx_process_slot].channel[0];
+
+ ngx_pass_open_channel(cycle, &ch);
+}
+
+
+static void
ngx_pass_open_channel(ngx_cycle_t *cycle, ngx_channel_t *ch)
{
ngx_int_t i;
@@ -827,7 +864,10 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker)
}
}
- if (geteuid() == 0) {
+ /*
+ * privileged agent process has the same permission as master process
+ */
+ if (!ngx_is_privileged_agent && geteuid() == 0) {
if (setgid(ccf->group) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"setgid(%d) failed", ccf->group);
@@ -1144,6 +1184,47 @@ ngx_cache_manager_process_cycle(ngx_cycle_t *cycle, void *data)
static void
+ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data)
+{
+ char *name = data;
+
+ /*
+ * Set correct process type since closing listening Unix domain socket
+ * in a master process also removes the Unix domain socket file.
+ */
+ ngx_process = NGX_PROCESS_HELPER;
+ ngx_is_privileged_agent = 1;
+
+ ngx_close_listening_sockets(cycle);
+
+ /* Set a moderate number of connections for a helper process. */
+ cycle->connection_n = 512;
+
+ ngx_worker_process_init(cycle, -1);
+
+ ngx_use_accept_mutex = 0;
+
+ ngx_setproctitle(name);
+
+ for ( ;; ) {
+
+ if (ngx_terminate || ngx_quit) {
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
+ ngx_worker_process_exit(cycle);
+ }
+
+ if (ngx_reopen) {
+ ngx_reopen = 0;
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reopening logs");
+ ngx_reopen_files(cycle, -1);
+ }
+
+ ngx_process_events_and_timers(cycle);
+ }
+}
+
+
+static void
ngx_cache_manager_process_handler(ngx_event_t *ev)
{
time_t next, n;
diff --git a/src/os/unix/ngx_process_cycle.h b/src/os/unix/ngx_process_cycle.h
index 69495d5..5149396 100644
--- a/src/os/unix/ngx_process_cycle.h
+++ b/src/os/unix/ngx_process_cycle.h
@@ -45,6 +45,7 @@ extern ngx_pid_t ngx_new_binary;
extern ngx_uint_t ngx_inherited;
extern ngx_uint_t ngx_daemonized;
extern ngx_uint_t ngx_exiting;
+extern ngx_uint_t ngx_is_privileged_agent;
extern sig_atomic_t ngx_reap;
extern sig_atomic_t ngx_sigio;

19
patches/nginx-1.19.8-proxy_host_port_vars.patch Normal file
View File

@ -0,0 +1,19 @@
--- nginx-1.19.8/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800
+++ nginx-1.19.8-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800
@@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach
static ngx_http_variable_t ngx_http_proxy_vars[] = {
{ ngx_string("proxy_host"), NULL, ngx_http_proxy_host_variable, 0,
- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("proxy_port"), NULL, ngx_http_proxy_port_variable, 0,
- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("proxy_add_x_forwarded_for"), NULL,
- ngx_http_proxy_add_x_forwarded_for_variable, 0, NGX_HTTP_VAR_NOHASH, 0 },
+ ngx_http_proxy_add_x_forwarded_for_variable, 0, 0, 0 },
#if 0
{ ngx_string("proxy_add_via"), NULL, NULL, 0, NGX_HTTP_VAR_NOHASH, 0 },

263
patches/nginx-1.19.8-resolver_conf_parsing.patch Normal file
View File

@ -0,0 +1,263 @@
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index cd55520c..dade1846 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -9,12 +9,26 @@
#include <ngx_core.h>
#include <ngx_event.h>
+#if !(NGX_WIN32)
+#include <resolv.h>
+#endif
+
#define NGX_RESOLVER_UDP_SIZE 4096
#define NGX_RESOLVER_TCP_RSIZE (2 + 65535)
#define NGX_RESOLVER_TCP_WSIZE 8192
+#if !(NGX_WIN32)
+/*
+ * note that 2KB should be more than enough for majority of the
+ * resolv.conf files out there. it also acts as a safety guard to prevent
+ * abuse.
+ */
+#define NGX_RESOLVER_FILE_BUF_SIZE 2048
+#define NGX_RESOLVER_FILE_NAME "/etc/resolv.conf"
+#endif
+
typedef struct {
u_char ident_hi;
@@ -131,6 +145,191 @@ static ngx_resolver_node_t *ngx_resolver_lookup_addr6(ngx_resolver_t *r,
#endif
+#if !(NGX_WIN32)
+static ngx_int_t
+ngx_resolver_read_resolv_conf(ngx_conf_t *cf, ngx_resolver_t *r, u_char *path,
+ size_t path_len)
+{
+ ngx_url_t u;
+ ngx_resolver_connection_t *rec;
+ ngx_fd_t fd;
+ ngx_file_t file;
+ u_char buf[NGX_RESOLVER_FILE_BUF_SIZE];
+ u_char ipv6_buf[NGX_INET6_ADDRSTRLEN];
+ ngx_uint_t address = 0, j, total = 0;
+ ssize_t n, i;
+ enum {
+ sw_nameserver,
+ sw_spaces,
+ sw_address,
+ sw_skip
+ } state;
+
+ file.name.data = path;
+ file.name.len = path_len;
+
+ if (ngx_conf_full_name(cf->cycle, &file.name, 1) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY,
+ NGX_FILE_OPEN, 0);
+
+ if (fd == NGX_INVALID_FILE) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
+ ngx_open_file_n " \"%s\" failed", file.name.data);
+
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(&file, sizeof(ngx_file_t));
+
+ file.fd = fd;
+ file.log = cf->log;
+
+ state = sw_nameserver;
+
+ n = ngx_read_file(&file, buf, NGX_RESOLVER_FILE_BUF_SIZE, 0);
+
+ if (n == NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno,
+ ngx_read_file_n " \"%s\" failed", file.name.data);
+ }
+
+ if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
+ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno,
+ ngx_close_file_n " \"%s\" failed", file.name.data);
+ }
+
+ if (n == NGX_ERROR) {
+ return NGX_ERROR;
+ }
+
+ if (n == 0) {
+ return NGX_OK;
+ }
+
+ for (i = 0; i < n && total < MAXNS; /* void */) {
+ if (buf[i] == '#' || buf[i] == ';') {
+ state = sw_skip;
+ }
+
+ switch (state) {
+
+ case sw_nameserver:
+
+ if ((size_t) n - i >= sizeof("nameserver") - 1
+ && ngx_memcmp(buf + i, "nameserver",
+ sizeof("nameserver") - 1) == 0)
+ {
+ state = sw_spaces;
+ i += sizeof("nameserver") - 1;
+
+ continue;
+ }
+
+ break;
+
+ case sw_spaces:
+ if (buf[i] != '\t' && buf[i] != ' ') {
+ address = i;
+ state = sw_address;
+ }
+
+ break;
+
+ case sw_address:
+
+ if (buf[i] == CR || buf[i] == LF || i == n - 1) {
+ ngx_memzero(&u, sizeof(ngx_url_t));
+
+ u.url.data = buf + address;
+
+ if (i == n - 1 && buf[i] != CR && buf[i] != LF) {
+ u.url.len = n - address;
+
+ } else {
+ u.url.len = i - address;
+ }
+
+ u.default_port = 53;
+
+ /* IPv6? */
+ if (ngx_strlchr(u.url.data, u.url.data + u.url.len,
+ ':') != NULL)
+ {
+ if (u.url.len + 2 > sizeof(ipv6_buf)) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "IPv6 resolver address is too long:"
+ " \"%V\"", &u.url);
+
+ return NGX_ERROR;
+ }
+
+ ipv6_buf[0] = '[';
+ ngx_memcpy(ipv6_buf + 1, u.url.data, u.url.len);
+ ipv6_buf[u.url.len + 1] = ']';
+
+ u.url.data = ipv6_buf;
+ u.url.len = u.url.len + 2;
+ }
+
+ if (ngx_parse_url(cf->pool, &u) != NGX_OK) {
+ if (u.err) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "%s in resolver \"%V\"",
+ u.err, &u.url);
+ }
+
+ return NGX_ERROR;
+ }
+
+ rec = ngx_array_push_n(&r->connections, u.naddrs);
+ if (rec == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(rec, u.naddrs * sizeof(ngx_resolver_connection_t));
+
+ for (j = 0; j < u.naddrs; j++) {
+ rec[j].sockaddr = u.addrs[j].sockaddr;
+ rec[j].socklen = u.addrs[j].socklen;
+ rec[j].server = u.addrs[j].name;
+ rec[j].resolver = r;
+ }
+
+ total++;
+
+#if (NGX_DEBUG)
+ /*
+ * logs with level below NGX_LOG_NOTICE will not be printed
+ * in this early phase
+ */
+ ngx_conf_log_error(NGX_LOG_NOTICE, cf, 0,
+ "parsed a resolver: \"%V\"", &u.url);
+#endif
+
+ state = sw_nameserver;
+ }
+
+ break;
+
+ case sw_skip:
+ if (buf[i] == CR || buf[i] == LF) {
+ state = sw_nameserver;
+ }
+
+ break;
+ }
+
+ i++;
+ }
+
+ return NGX_OK;
+}
+#endif
+
+
ngx_resolver_t *
ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
{
@@ -246,6 +445,39 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
}
#endif
+#if !(NGX_WIN32)
+ if (ngx_strncmp(names[i].data, "local=", 6) == 0) {
+
+ if (ngx_strcmp(&names[i].data[6], "on") == 0) {
+ if (ngx_resolver_read_resolv_conf(cf, r,
+ (u_char *)
+ NGX_RESOLVER_FILE_NAME,
+ sizeof(NGX_RESOLVER_FILE_NAME)
+ - 1)
+ != NGX_OK)
+ {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "unable to parse local resolver");
+ return NULL;
+ }
+
+ } else if (ngx_strcmp(&names[i].data[6], "off") != 0) {
+ if (ngx_resolver_read_resolv_conf(cf, r,
+ &names[i].data[6],
+ names[i].len - 6)
+ != NGX_OK)
+ {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "unable to parse local resolver");
+ return NULL;
+ }
+
+ }
+
+ continue;
+ }
+#endif
+
ngx_memzero(&u, sizeof(ngx_url_t));
u.url = names[i];

38
patches/nginx-1.19.8-reuseport_close_unused_fds.patch Normal file
View File

@ -0,0 +1,38 @@
diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c
--- a/src/core/ngx_connection.c
+++ b/src/core/ngx_connection.c
@@ -1118,6 +1118,12 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle)
ls = cycle->listening.elts;
for (i = 0; i < cycle->listening.nelts; i++) {
+#if (NGX_HAVE_REUSEPORT)
+ if (ls[i].fd == (ngx_socket_t) -1) {
+ continue;
+ }
+#endif
+
c = ls[i].connection;
if (c) {
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -775,6 +775,18 @@ ngx_event_process_init(ngx_cycle_t *cycle)
#if (NGX_HAVE_REUSEPORT)
if (ls[i].reuseport && ls[i].worker != ngx_worker) {
+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, cycle->log, 0,
+ "closing unused fd:%d listening on %V",
+ ls[i].fd, &ls[i].addr_text);
+
+ if (ngx_close_socket(ls[i].fd) == -1) {
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_socket_errno,
+ ngx_close_socket_n " %V failed",
+ &ls[i].addr_text);
+ }
+
+ ls[i].fd = (ngx_socket_t) -1;
+
continue;
}
#endif

56
patches/nginx-1.19.8-safe_resolver_ipv6_option.patch Normal file
View File

@ -0,0 +1,56 @@
# HG changeset patch
# User Thibault Charbonnier <thibaultcha@fastmail.com>
# Date 1481847421 28800
# Thu Dec 15 16:17:01 2016 -0800
# Node ID 8bf038fe006fd8ae253d6b41fc6cf109a8912d3e
# Parent a3dc657f4e9530623683e6b85bd7492662e4dc47
Resolver: ignore ipv6=off resolver option when no ipv6 support
Makes the resolver directive more robust: we only error out when ipv6
resolution is desired but not supported (ipv6=on).
use case 1: some configurations are sometimes re-used between builds with and
without ipv6 support. This patch avoids the need to remove the "ipv6=off" flag.
use case 2: currently, some tools rely on the --with-ipv6 configure option from
"nginx -V" to determine if ipv6 resolution should be disabled in some cases.
With this option disappearing in Nginx 1.11.5, this patch would allow such tools
to assume "ipv6=off" to be safe regardless of ipv6 support in the current
build.
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index dade1846..5a3f0aa4 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -426,14 +426,22 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
continue;
}
-#if (NGX_HAVE_INET6)
if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) {
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
+#if (NGX_HAVE_INET6)
r->ipv6 = 1;
+#else
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "no ipv6 support but \"%V\" in resolver",
+ &names[i]);
+ return NULL;
+#endif
} else if (ngx_strcmp(&names[i].data[5], "off") == 0) {
+#if (NGX_HAVE_INET6)
r->ipv6 = 0;
+#endif
} else {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -443,7 +451,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
continue;
}
-#endif
#if !(NGX_WIN32)
if (ngx_strncmp(names[i].data, "local=", 6) == 0) {

39
patches/nginx-1.19.8-server_header.patch Normal file
View File

@ -0,0 +1,39 @@
diff --git a/src/core/nginx.h b/src/core/nginx.h
index a3c0ef8..1263881 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -11,7 +11,7 @@
#define nginx_version 1019008
#define NGINX_VERSION "1.19.8"
-#define NGINX_VER "nginx/" NGINX_VERSION
+#define NGINX_VER "openresty/" NGINX_VERSION ".unknown"
#ifdef NGX_BUILD
#define NGINX_VER_BUILD NGINX_VER " (" NGX_BUILD ")"
diff --git a/src/http/ngx_http_header_filter_module.c b/src/http/ngx_http_header_filter_module.c
index 9b89405..ca13f2a 100644
--- a/src/http/ngx_http_header_filter_module.c
+++ b/src/http/ngx_http_header_filter_module.c
@@ -46,7 +46,7 @@ ngx_module_t ngx_http_header_filter_module = {
};
-static u_char ngx_http_server_string[] = "Server: nginx" CRLF;
+static u_char ngx_http_server_string[] = "Server: openresty" CRLF;
static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
index 8621e7a..a76c677 100644
--- a/src/http/v2/ngx_http_v2_filter_module.c
+++ b/src/http/v2/ngx_http_v2_filter_module.c
@@ -143,7 +143,7 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
ngx_http_core_srv_conf_t *cscf;
u_char addr[NGX_SOCKADDR_STRLEN];
- static const u_char nginx[5] = "\x84\xaa\x63\x55\xe7";
+ static const u_char nginx[8] = "\x87\x3d\x65\xaa\xc2\xa1\x3e\xbf";
#if (NGX_HTTP_GZIP)
static const u_char accept_encoding[12] =
"\x8b\x84\x84\x2d\x69\x5b\x05\x44\x3c\x86\xaa\x6f";

44
patches/nginx-1.19.8-setting_args_invalidates_uri.patch Normal file
View File

@ -0,0 +1,44 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1390506359 28800
# Node ID 17186b98c235c07e94c64e5853689f790f173756
# Parent 4b50d1f299d8a69f3e3f7975132e1490352642fe
Variable: setting $args should invalidate unparsed uri.
diff -r 4b50d1f299d8 -r 17186b98c235 src/http/ngx_http_variables.c
--- a/src/http/ngx_http_variables.c Fri Jan 10 11:22:14 2014 -0800
+++ b/src/http/ngx_http_variables.c Thu Jan 23 11:45:59 2014 -0800
@@ -15,6 +15,8 @@
ngx_http_variable_value_t *v, uintptr_t data);
static void ngx_http_variable_request_set(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
+static void ngx_http_variable_request_args_set(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_variable_request_get_size(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static void ngx_http_variable_request_set_size(ngx_http_request_t *r,
@@ -218,7 +220,7 @@
NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("args"),
- ngx_http_variable_request_set,
+ ngx_http_variable_request_args_set,
ngx_http_variable_request,
offsetof(ngx_http_request_t, args),
NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
@@ -647,6 +649,15 @@
static void
+ngx_http_variable_request_args_set(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data)
+{
+ r->valid_unparsed_uri = 0;
+ ngx_http_variable_request_set(r, v, data);
+}
+
+
+static void
ngx_http_variable_request_set(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{

75
patches/nginx-1.19.8-single_process_graceful_exit.patch Normal file
View File

@ -0,0 +1,75 @@
diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c
index 15680237..12a8c687 100644
--- a/src/os/unix/ngx_process.c
+++ b/src/os/unix/ngx_process.c
@@ -362,8 +362,15 @@ ngx_signal_handler(int signo, siginfo_t *siginfo, void *ucontext)
break;
case ngx_signal_value(NGX_RECONFIGURE_SIGNAL):
- ngx_reconfigure = 1;
- action = ", reconfiguring";
+ if (ngx_process == NGX_PROCESS_SINGLE) {
+ ngx_terminate = 1;
+ action = ", exiting";
+
+ } else {
+ ngx_reconfigure = 1;
+ action = ", reconfiguring";
+ }
+
break;
case ngx_signal_value(NGX_REOPEN_SIGNAL):
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index 5817a2c2..f3d58e97 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -305,11 +305,26 @@ ngx_single_process_cycle(ngx_cycle_t *cycle)
}
for ( ;; ) {
+ if (ngx_exiting) {
+ if (ngx_event_no_timers_left() == NGX_OK) {
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
+
+ for (i = 0; cycle->modules[i]; i++) {
+ if (cycle->modules[i]->exit_process) {
+ cycle->modules[i]->exit_process(cycle);
+ }
+ }
+
+ ngx_master_process_exit(cycle);
+ }
+ }
+
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle");
ngx_process_events_and_timers(cycle);
- if (ngx_terminate || ngx_quit) {
+ if (ngx_terminate) {
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
for (i = 0; cycle->modules[i]; i++) {
if (cycle->modules[i]->exit_process) {
@@ -320,6 +335,20 @@ ngx_single_process_cycle(ngx_cycle_t *cycle)
ngx_master_process_exit(cycle);
}
+ if (ngx_quit) {
+ ngx_quit = 0;
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0,
+ "gracefully shutting down");
+ ngx_setproctitle("process is shutting down");
+
+ if (!ngx_exiting) {
+ ngx_exiting = 1;
+ ngx_set_shutdown_timer(cycle);
+ ngx_close_listening_sockets(cycle);
+ ngx_close_idle_connections(cycle);
+ }
+ }
+
if (ngx_reconfigure) {
ngx_reconfigure = 0;
ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reconfiguring");

185
patches/nginx-1.19.8-socket_cloexec.patch Normal file
View File

@ -0,0 +1,185 @@
diff --git a/auto/unix b/auto/unix
index 10835f6c..b5b33bb3 100644
--- a/auto/unix
+++ b/auto/unix
@@ -990,3 +990,27 @@ ngx_feature_test='struct addrinfo *res;
if (getaddrinfo("localhost", NULL, NULL, &res) != 0) return 1;
freeaddrinfo(res)'
. auto/feature
+
+ngx_feature="SOCK_CLOEXEC support"
+ngx_feature_name="NGX_HAVE_SOCKET_CLOEXEC"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/types.h>
+ #include <sys/socket.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="int fd;
+ fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);"
+. auto/feature
+
+ngx_feature="FD_CLOEXEC support"
+ngx_feature_name="NGX_HAVE_FD_CLOEXEC"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <fcntl.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="int fd;
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ fcntl(fd, F_SETFD, FD_CLOEXEC);"
+. auto/feature
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index cd55520c..438e0806 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -4466,8 +4466,14 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec)
ngx_event_t *rev, *wev;
ngx_connection_t *c;
+#if (NGX_HAVE_SOCKET_CLOEXEC)
+ s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0);
+
+#else
s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM, 0);
+#endif
+
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, &rec->log, 0, "TCP socket %d", s);
if (s == (ngx_socket_t) -1) {
@@ -4494,6 +4500,15 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec)
goto failed;
}
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, &rec->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+
+ goto failed;
+ }
+#endif
+
rev = c->read;
wev = c->write;
diff --git a/src/event/ngx_event.h b/src/event/ngx_event.h
index 19fec68..8c2f01a 100644
--- a/src/event/ngx_event.h
+++ b/src/event/ngx_event.h
@@ -73,6 +73,9 @@ struct ngx_event_s {
/* to test on worker exit */
unsigned channel:1;
unsigned resolver:1;
+#if (HAVE_SOCKET_CLOEXEC_PATCH)
+ unsigned skip_socket_leak_check:1;
+#endif
unsigned cancelable:1;
diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c
index 77563709..5827b9d0 100644
--- a/src/event/ngx_event_accept.c
+++ b/src/event/ngx_event_accept.c
@@ -62,7 +62,9 @@ ngx_event_accept(ngx_event_t *ev)
#if (NGX_HAVE_ACCEPT4)
if (use_accept4) {
- s = accept4(lc->fd, &sa.sockaddr, &socklen, SOCK_NONBLOCK);
+ s = accept4(lc->fd, &sa.sockaddr, &socklen,
+ SOCK_NONBLOCK | SOCK_CLOEXEC);
+
} else {
s = accept(lc->fd, &sa.sockaddr, &socklen);
}
@@ -202,6 +204,16 @@ ngx_event_accept(ngx_event_t *ev)
ngx_close_accepted_connection(c);
return;
}
+
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+ ngx_close_accepted_connection(c);
+ return;
+ }
+#endif
+
}
}
diff --git a/src/event/ngx_event_connect.c b/src/event/ngx_event_connect.c
index c5bb8068..cf33b1d2 100644
--- a/src/event/ngx_event_connect.c
+++ b/src/event/ngx_event_connect.c
@@ -38,8 +38,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
type = (pc->type ? pc->type : SOCK_STREAM);
+#if (NGX_HAVE_SOCKET_CLOEXEC)
+ s = ngx_socket(pc->sockaddr->sa_family, type | SOCK_CLOEXEC, 0);
+
+#else
s = ngx_socket(pc->sockaddr->sa_family, type, 0);
+#endif
+
+
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pc->log, 0, "%s socket %d",
(type == SOCK_STREAM) ? "stream" : "dgram", s);
@@ -80,6 +87,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
goto failed;
}
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+
+ goto failed;
+ }
+#endif
+
if (pc->local) {
#if (NGX_HAVE_TRANSPARENT_PROXY)
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index c4376a5..48e8fa8 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -1032,6 +1032,9 @@ ngx_worker_process_exit(ngx_cycle_t *cycle)
for (i = 0; i < cycle->connection_n; i++) {
if (c[i].fd != -1
&& c[i].read
+#if (HAVE_SOCKET_CLOEXEC_PATCH)
+ && !c[i].read->skip_socket_leak_check
+#endif
&& !c[i].read->accept
&& !c[i].read->channel
&& !c[i].read->resolver)
diff --git a/src/os/unix/ngx_socket.h b/src/os/unix/ngx_socket.h
index fcc51533..d1eebf47 100644
--- a/src/os/unix/ngx_socket.h
+++ b/src/os/unix/ngx_socket.h
@@ -38,6 +38,17 @@ int ngx_blocking(ngx_socket_t s);
#endif
+#if (NGX_HAVE_FD_CLOEXEC)
+
+#define ngx_cloexec(s) fcntl(s, F_SETFD, FD_CLOEXEC)
+#define ngx_cloexec_n "fcntl(FD_CLOEXEC)"
+
+/* at least FD_CLOEXEC is required to ensure connection fd is closed
+ * after execve */
+#define HAVE_SOCKET_CLOEXEC_PATCH 1
+
+#endif
+
int ngx_tcp_nopush(ngx_socket_t s);
int ngx_tcp_push(ngx_socket_t s);

64
patches/nginx-1.19.8-ssl_cert_cb_yield.patch Normal file
View File

@ -0,0 +1,64 @@
# HG changeset patch
# User Yichun Zhang <agentzh@openresty.org>
# Date 1451762084 28800
# Sat Jan 02 11:14:44 2016 -0800
# Node ID 449f0461859c16e95bdb18e8be6b94401545d3dd
# Parent 78b4e10b4367b31367aad3c83c9c3acdd42397c4
SSL: handled SSL_CTX_set_cert_cb() callback yielding.
OpenSSL 1.0.2+ introduces SSL_CTX_set_cert_cb() to allow custom
callbacks to serve the SSL certificiates and private keys dynamically
and lazily. The callbacks may yield for nonblocking I/O or sleeping.
Here we added support for such usage in NGINX 3rd-party modules
(like ngx_lua) in NGINX's event handlers for downstream SSL
connections.
diff -r 78b4e10b4367 -r 449f0461859c src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Dec 17 16:39:15 2015 +0300
+++ b/src/event/ngx_event_openssl.c Sat Jan 02 11:14:44 2016 -0800
@@ -1445,6 +1445,23 @@ ngx_ssl_handshake(ngx_connection_t *c)
return NGX_AGAIN;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) {
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+#endif
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1;
@@ -1558,6 +1575,21 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
return NGX_AGAIN;
}
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) {
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1;

41
patches/nginx-1.19.8-ssl_sess_cb_yield.patch Normal file
View File

@ -0,0 +1,41 @@
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1446,7 +1446,12 @@ ngx_ssl_handshake(ngx_connection_t *c)
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
- if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) {
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP
+# ifdef SSL_ERROR_PENDING_SESSION
+ || sslerr == SSL_ERROR_PENDING_SESSION
+# endif
+ )
+ {
c->read->handler = ngx_ssl_handshake_handler;
c->write->handler = ngx_ssl_handshake_handler;
@@ -1575,6 +1580,23 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
return NGX_AGAIN;
}
+#ifdef SSL_ERROR_PENDING_SESSION
+ if (sslerr == SSL_ERROR_PENDING_SESSION) {
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+#endif
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1;

50
patches/nginx-1.19.8-static_mod_escape_loc_hdr.patch Normal file
View File

@ -0,0 +1,50 @@
diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c
index 282d6ee..899e11e 100644
--- a/src/http/modules/ngx_http_static_module.c
+++ b/src/http/modules/ngx_http_static_module.c
@@ -58,6 +58,8 @@ ngx_http_static_handler(ngx_http_request_t *r)
ngx_chain_t out;
ngx_open_file_info_t of;
ngx_http_core_loc_conf_t *clcf;
+ u_char *uri;
+ uintptr_t escape;
if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD|NGX_HTTP_POST))) {
return NGX_HTTP_NOT_ALLOWED;
@@ -162,9 +164,21 @@ ngx_http_static_handler(ngx_http_request_t *r)
*last = '/';
+ escape = 2 * ngx_escape_uri(NULL, location, len, NGX_ESCAPE_URI);
+ if (escape > 0) {
+ uri = ngx_pnalloc(r->pool, len + escape);
+ if (uri == NULL) {
+ return NGX_ERROR;
+ }
+ ngx_escape_uri(uri, location, len, NGX_ESCAPE_URI);
+ location = uri;
+ len += escape;
+ }
+
} else {
+ escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, NGX_ESCAPE_URI);
if (r->args.len) {
- len += r->args.len + 1;
+ len += r->args.len + 1 + escape;
}
location = ngx_pnalloc(r->pool, len);
@@ -173,7 +187,12 @@ ngx_http_static_handler(ngx_http_request_t *r)
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- last = ngx_copy(location, r->uri.data, r->uri.len);
+ if (escape > 0) {
+ last = (u_char *) ngx_escape_uri(location, r->uri.data, r->uri.len, NGX_ESCAPE_URI);
+
+ } else {
+ last = ngx_copy(location, r->uri.data, r->uri.len);
+ }
*last = '/';

53
patches/nginx-1.19.8-stream_balancer_export.patch Normal file
View File

@ -0,0 +1,53 @@
diff --git a/src/stream/ngx_stream_upstream_round_robin.c b/src/stream/ngx_stream_upstream_round_robin.c
index 526de3a..b531ce1 100644
--- a/src/stream/ngx_stream_upstream_round_robin.c
+++ b/src/stream/ngx_stream_upstream_round_robin.c
@@ -21,10 +21,6 @@ static void ngx_stream_upstream_notify_round_robin_peer(
#if (NGX_STREAM_SSL)
-static ngx_int_t ngx_stream_upstream_set_round_robin_peer_session(
- ngx_peer_connection_t *pc, void *data);
-static void ngx_stream_upstream_save_round_robin_peer_session(
- ngx_peer_connection_t *pc, void *data);
static ngx_int_t ngx_stream_upstream_empty_set_session(
ngx_peer_connection_t *pc, void *data);
static void ngx_stream_upstream_empty_save_session(ngx_peer_connection_t *pc,
@@ -690,7 +686,7 @@ ngx_stream_upstream_notify_round_robin_peer(ngx_peer_connection_t *pc,
#if (NGX_STREAM_SSL)
-static ngx_int_t
+ngx_int_t
ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
void *data)
{
@@ -756,7 +752,7 @@ ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
}
-static void
+void
ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
void *data)
{
diff --git a/src/stream/ngx_stream_upstream_round_robin.h b/src/stream/ngx_stream_upstream_round_robin.h
index 35d9fce..75f3e31 100644
--- a/src/stream/ngx_stream_upstream_round_robin.h
+++ b/src/stream/ngx_stream_upstream_round_robin.h
@@ -142,5 +142,15 @@ ngx_int_t ngx_stream_upstream_get_round_robin_peer(ngx_peer_connection_t *pc,
void ngx_stream_upstream_free_round_robin_peer(ngx_peer_connection_t *pc,
void *data, ngx_uint_t state);
+#if (NGX_STREAM_SSL)
+ngx_int_t ngx_stream_upstream_set_round_robin_peer_session(
+ ngx_peer_connection_t *pc, void *data);
+void ngx_stream_upstream_save_round_robin_peer_session(
+ ngx_peer_connection_t *pc, void *data);
+#endif
+
+
+#define HAVE_NGX_STREAM_BALANCER_EXPORT_PATCH 1
+
#endif /* _NGX_STREAM_UPSTREAM_ROUND_ROBIN_H_INCLUDED_ */

31
patches/nginx-1.19.8-stream_proxy_get_next_upstream_tries.patch Normal file
View File

@ -0,0 +1,31 @@
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 09d2459..de92724 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -303,4 +303,7 @@ typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s,
extern ngx_stream_filter_pt ngx_stream_top_filter;
+#define HAS_NGX_STREAM_PROXY_GET_NEXT_UPSTREAM_TRIES_PATCH 1
+
+
#endif /* _NGX_STREAM_H_INCLUDED_ */
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 0afde1c..3254ce1 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -2156,3 +2156,14 @@ ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_OK;
}
+
+
+ngx_uint_t
+ngx_stream_proxy_get_next_upstream_tries(ngx_stream_session_t *s)
+{
+ ngx_stream_proxy_srv_conf_t *pscf;
+
+ pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
+
+ return pscf->next_upstream_tries;
+}

182
patches/nginx-1.19.8-stream_proxy_timeout_fields.patch Normal file
View File

@ -0,0 +1,182 @@
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 57e73e04..9a95ef99 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -242,6 +242,15 @@ typedef struct {
} ngx_stream_module_t;
+typedef struct {
+ ngx_msec_t connect_timeout;
+ ngx_msec_t timeout;
+} ngx_stream_proxy_ctx_t;
+
+
+#define NGX_STREAM_HAVE_PROXY_TIMEOUT_FIELDS_PATCH 1
+
+
#define NGX_STREAM_MODULE 0x4d525453 /* "STRM" */
#define NGX_STREAM_MAIN_CONF 0x02000000
@@ -295,6 +304,7 @@ void ngx_stream_finalize_session(ngx_stream_session_t *s, ngx_uint_t rc);
extern ngx_module_t ngx_stream_module;
extern ngx_uint_t ngx_stream_max_module;
extern ngx_module_t ngx_stream_core_module;
+extern ngx_module_t ngx_stream_proxy_module;
typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s,
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 7484a728..7b50b427 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -378,6 +378,7 @@ ngx_stream_proxy_handler(ngx_stream_session_t *s)
ngx_stream_proxy_srv_conf_t *pscf;
ngx_stream_upstream_srv_conf_t *uscf, **uscfp;
ngx_stream_upstream_main_conf_t *umcf;
+ ngx_stream_proxy_ctx_t *pctx;
c = s->connection;
@@ -386,6 +387,17 @@ ngx_stream_proxy_handler(ngx_stream_session_t *s)
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
"proxy connection handler");
+ pctx = ngx_palloc(c->pool, sizeof(ngx_stream_proxy_ctx_t));
+ if (pctx == NULL) {
+ ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
+ return;
+ }
+
+ pctx->connect_timeout = pscf->connect_timeout;
+ pctx->timeout = pscf->timeout;
+
+ ngx_stream_set_ctx(s, pctx, ngx_stream_proxy_module);
+
u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t));
if (u == NULL) {
ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
@@ -677,6 +689,7 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
ngx_connection_t *c, *pc;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
c = s->connection;
@@ -684,6 +697,8 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
+
u = s->upstream;
u->connected = 0;
@@ -747,7 +762,7 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
pc->read->handler = ngx_stream_proxy_connect_handler;
pc->write->handler = ngx_stream_proxy_connect_handler;
- ngx_add_timer(pc->write, pscf->connect_timeout);
+ ngx_add_timer(pc->write, ctx->connect_timeout);
}
@@ -920,8 +935,10 @@ ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s)
ssize_t n, size;
ngx_connection_t *c, *pc;
ngx_stream_upstream_t *u;
- ngx_stream_proxy_srv_conf_t *pscf;
u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER];
+ ngx_stream_proxy_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
c = s->connection;
@@ -948,9 +965,7 @@ ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s)
return NGX_ERROR;
}
- pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
-
- ngx_add_timer(pc->write, pscf->timeout);
+ ngx_add_timer(pc->write, ctx->timeout);
pc->write->handler = ngx_stream_proxy_connect_handler;
@@ -1014,6 +1029,9 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
ngx_connection_t *pc;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
u = s->upstream;
@@ -1051,7 +1069,7 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
if (rc == NGX_AGAIN) {
if (!pc->write->timer_set) {
- ngx_add_timer(pc->write, pscf->connect_timeout);
+ ngx_add_timer(pc->write, ctx->connect_timeout);
}
pc->ssl->handler = ngx_stream_proxy_ssl_handshake;
@@ -1316,6 +1334,7 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
ngx_stream_session_t *s;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
c = ev->data;
s = c->data;
@@ -1327,6 +1346,8 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
return;
}
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
+
c = s->connection;
pc = u->peer.connection;
@@ -1346,7 +1367,7 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
}
if (u->connected && !c->read->delayed && !pc->read->delayed) {
- ngx_add_timer(c->write, pscf->timeout);
+ ngx_add_timer(c->write, ctx->timeout);
}
return;
@@ -1507,7 +1528,9 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
ngx_connection_t *c, *pc, *src, *dst;
ngx_log_handler_pt handler;
ngx_stream_upstream_t *u;
- ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
u = s->upstream;
@@ -1529,8 +1552,6 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
return;
}
- pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
-
if (from_upstream) {
src = pc;
dst = c;
@@ -1682,7 +1703,7 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
}
if (!c->read->delayed && !pc->read->delayed) {
- ngx_add_timer(c->write, pscf->timeout);
+ ngx_add_timer(c->write, ctx->timeout);
} else if (c->write->timer_set) {
ngx_del_timer(c->write);

13
patches/nginx-1.19.8-stream_ssl_preread_no_skip.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
index e3d11fd9..3717b5fe 100644
--- a/src/stream/ngx_stream_ssl_preread_module.c
+++ b/src/stream/ngx_stream_ssl_preread_module.c
@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len);
if (rc != NGX_AGAIN) {
- return rc;
+ return rc == NGX_OK ? NGX_DECLINED : rc;
}
p += len;

23
patches/nginx-1.19.8-upstream_pipelining.patch Normal file
View File

@ -0,0 +1,23 @@
commit f9907b72a76a21ac5413187b83177a919475c75f
Author: Yichun Zhang (agentzh) <agentzh@gmail.com>
Date: Wed Feb 10 16:05:08 2016 -0800
bugfix: upstream: keep sending request data after the first write attempt.
See
http://mailman.nginx.org/pipermail/nginx-devel/2012-March/002040.html
for more details on the issue.
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 69019417..92b7c97f 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -2239,7 +2239,7 @@ ngx_http_upstream_send_request_handler(ngx_http_request_t *r,
#endif
- if (u->header_sent && !u->conf->preserve_output) {
+ if (u->request_body_sent && !u->conf->preserve_output) {
u->write_event_handler = ngx_http_upstream_dummy_handler;
(void) ngx_handle_write_event(c->write, 0);

112
patches/nginx-1.19.8-upstream_timeout_fields.patch Normal file
View File

@ -0,0 +1,112 @@
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 69019417..2265d8f7 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -509,12 +509,19 @@ void
ngx_http_upstream_init(ngx_http_request_t *r)
{
ngx_connection_t *c;
+ ngx_http_upstream_t *u;
c = r->connection;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
"http init upstream, client timer: %d", c->read->timer_set);
+ u = r->upstream;
+
+ u->connect_timeout = u->conf->connect_timeout;
+ u->send_timeout = u->conf->send_timeout;
+ u->read_timeout = u->conf->read_timeout;
+
#if (NGX_HTTP_V2)
if (r->stream) {
ngx_http_upstream_init_request(r);
@@ -1626,7 +1633,7 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
u->request_body_blocked = 0;
if (rc == NGX_AGAIN) {
- ngx_add_timer(c->write, u->conf->connect_timeout);
+ ngx_add_timer(c->write, u->connect_timeout);
return;
}
@@ -1704,7 +1711,7 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
if (rc == NGX_AGAIN) {
if (!c->write->timer_set) {
- ngx_add_timer(c->write, u->conf->connect_timeout);
+ ngx_add_timer(c->write, u->connect_timeout);
}
c->ssl->handler = ngx_http_upstream_ssl_handshake_handler;
@@ -2022,7 +2029,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u,
if (rc == NGX_AGAIN) {
if (!c->write->ready || u->request_body_blocked) {
- ngx_add_timer(c->write, u->conf->send_timeout);
+ ngx_add_timer(c->write, u->send_timeout);
} else if (c->write->timer_set) {
ngx_del_timer(c->write);
@@ -2084,7 +2091,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u,
return;
}
- ngx_add_timer(c->read, u->conf->read_timeout);
+ ngx_add_timer(c->read, u->read_timeout);
if (c->read->ready) {
ngx_http_upstream_process_header(r, u);
@@ -3213,7 +3220,7 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u)
p->cyclic_temp_file = 0;
}
- p->read_timeout = u->conf->read_timeout;
+ p->read_timeout = u->read_timeout;
p->send_timeout = clcf->send_timeout;
p->send_lowat = clcf->send_lowat;
@@ -3458,7 +3465,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r,
}
if (upstream->write->active && !upstream->write->ready) {
- ngx_add_timer(upstream->write, u->conf->send_timeout);
+ ngx_add_timer(upstream->write, u->send_timeout);
} else if (upstream->write->timer_set) {
ngx_del_timer(upstream->write);
@@ -3470,7 +3477,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r,
}
if (upstream->read->active && !upstream->read->ready) {
- ngx_add_timer(upstream->read, u->conf->read_timeout);
+ ngx_add_timer(upstream->read, u->read_timeout);
} else if (upstream->read->timer_set) {
ngx_del_timer(upstream->read);
@@ -3664,7 +3671,7 @@ ngx_http_upstream_process_non_buffered_request(ngx_http_request_t *r,
}
if (upstream->read->active && !upstream->read->ready) {
- ngx_add_timer(upstream->read, u->conf->read_timeout);
+ ngx_add_timer(upstream->read, u->read_timeout);
} else if (upstream->read->timer_set) {
ngx_del_timer(upstream->read);
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index c2f4dc0b..b9eef118 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -333,6 +333,11 @@ struct ngx_http_upstream_s {
ngx_array_t *caches;
#endif
+#define HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS 1
+ ngx_msec_t connect_timeout;
+ ngx_msec_t send_timeout;
+ ngx_msec_t read_timeout;
+
ngx_http_upstream_headers_in_t headers_in;
ngx_http_upstream_resolved_t *resolved;

15
patches/nginx-1.19.8-win32_max_err_str.patch Normal file
View File

@ -0,0 +1,15 @@
diff --git a/src/os/win32/ngx_event_log.c b/src/os/win32/ngx_event_log.c
index e11ed1e8..dce8eddd 100644
--- a/src/os/win32/ngx_event_log.c
+++ b/src/os/win32/ngx_event_log.c
@@ -8,7 +8,9 @@
#include <ngx_core.h>
-#define NGX_MAX_ERROR_STR 2048
+#ifndef NGX_MAX_ERROR_STR
+#define NGX_MAX_ERROR_STR 4096
+#endif
void ngx_cdecl

11
patches/nginx-1.19.9-always_enable_cc_feature_tests.patch Normal file
View File

@ -0,0 +1,11 @@
--- nginx-1.19.9/auto/cc/conf 2015-10-30 22:47:50.000000000 +0800
+++ nginx-1.19.9-patched/auto/cc/conf 2015-11-02 12:23:05.385156987 +0800
@@ -136,7 +136,7 @@ fi
CFLAGS="$CFLAGS $NGX_CC_OPT"
NGX_TEST_LD_OPT="$NGX_LD_OPT"
-if [ "$NGX_PLATFORM" != win32 ]; then
+if [ 1 ]; then
if test -n "$NGX_LD_OPT"; then
ngx_feature=--with-ld-opt=\"$NGX_LD_OPT\"

72
patches/nginx-1.19.9-balancer_status_code.patch Normal file
View File

@ -0,0 +1,72 @@
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index f8d5707d..6efe0047 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -1515,6 +1515,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
return;
}
+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
+ ngx_http_upstream_finalize_request(r, u, rc);
+ return;
+ }
+
u->state->peer = u->peer.name;
if (rc == NGX_BUSY) {
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index 3e714e5b..dfbb25e0 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -427,4 +427,9 @@ extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[];
extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[];
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 09d24593..d8b4b584 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -27,6 +27,7 @@ typedef struct ngx_stream_session_s ngx_stream_session_t;
#define NGX_STREAM_OK 200
+#define NGX_STREAM_SPECIAL_RESPONSE 300
#define NGX_STREAM_BAD_REQUEST 400
#define NGX_STREAM_FORBIDDEN 403
#define NGX_STREAM_INTERNAL_SERVER_ERROR 500
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 818d7329..329dcdc6 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -691,6 +691,11 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
return;
}
+ if (rc >= NGX_STREAM_SPECIAL_RESPONSE) {
+ ngx_stream_proxy_finalize(s, rc);
+ return;
+ }
+
u->state->peer = u->peer.name;
if (rc == NGX_BUSY) {
diff --git a/src/stream/ngx_stream_upstream.h b/src/stream/ngx_stream_upstream.h
index 73947f46..21bc0ad7 100644
--- a/src/stream/ngx_stream_upstream.h
+++ b/src/stream/ngx_stream_upstream.h
@@ -151,4 +151,9 @@ ngx_stream_upstream_srv_conf_t *ngx_stream_upstream_add(ngx_conf_t *cf,
extern ngx_module_t ngx_stream_upstream_module;
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_STREAM_UPSTREAM_H_INCLUDED_ */

13
patches/nginx-1.19.9-builtin_error_page_footer.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 64e5acd..f5374f6 100644
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -26,7 +26,7 @@ static u_char ngx_http_error_full_tail[] =
static u_char ngx_http_error_tail[] =
-"<hr><center>nginx</center>" CRLF
+"<hr><center>openresty</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;

19
patches/nginx-1.19.9-cache_manager_exit.patch Normal file
View File

@ -0,0 +1,19 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1383598130 28800
# Node ID f64218e1ac963337d84092536f588b8e0d99bbaa
# Parent dea321e5c0216efccbb23e84bbce7cf3e28f130c
Cache: gracefully exit the cache manager process.
diff -r dea321e5c021 -r f64218e1ac96 src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c Thu Oct 31 18:23:49 2013 +0400
+++ b/src/os/unix/ngx_process_cycle.c Mon Nov 04 12:48:50 2013 -0800
@@ -1134,7 +1134,7 @@
if (ngx_terminate || ngx_quit) {
ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
- exit(0);
+ ngx_worker_process_exit(cycle);
}
if (ngx_reopen) {

12
patches/nginx-1.19.9-daemon_destroy_pool.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c
index ab672110..f259af31 100644
--- a/src/os/unix/ngx_daemon.c
+++ b/src/os/unix/ngx_daemon.c
@@ -23,6 +23,8 @@ ngx_daemon(ngx_log_t *log)
break;
default:
+ /* just to make it ASAN or Valgrind clean */
+ ngx_destroy_pool(ngx_cycle->pool);
exit(0);
}

98
patches/nginx-1.19.9-delayed_posted_events.patch Normal file
View File

@ -0,0 +1,98 @@
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
index 57af8132..4853945f 100644
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -196,6 +196,9 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
ngx_uint_t flags;
ngx_msec_t timer, delta;
+ ngx_queue_t *q;
+ ngx_event_t *ev;
+
if (ngx_timer_resolution) {
timer = NGX_TIMER_INFINITE;
flags = 0;
@@ -215,6 +218,13 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
#endif
}
+ if (!ngx_queue_empty(&ngx_posted_delayed_events)) {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "posted delayed event queue not empty"
+ " making poll timeout 0");
+ timer = 0;
+ }
+
if (ngx_use_accept_mutex) {
if (ngx_accept_disabled > 0) {
ngx_accept_disabled--;
@@ -257,6 +267,35 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
}
ngx_event_process_posted(cycle, &ngx_posted_events);
+
+ while (!ngx_queue_empty(&ngx_posted_delayed_events)) {
+ q = ngx_queue_head(&ngx_posted_delayed_events);
+
+ ev = ngx_queue_data(q, ngx_event_t, queue);
+ if (ev->delayed) {
+ /* start of newly inserted nodes */
+ for (/* void */;
+ q != ngx_queue_sentinel(&ngx_posted_delayed_events);
+ q = ngx_queue_next(q))
+ {
+ ev = ngx_queue_data(q, ngx_event_t, queue);
+ ev->delayed = 0;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "skipping delayed posted event %p,"
+ " till next iteration", ev);
+ }
+
+ break;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "delayed posted event %p", ev);
+
+ ngx_delete_posted_event(ev);
+
+ ev->handler(ev);
+ }
}
@@ -600,6 +639,7 @@ ngx_event_process_init(ngx_cycle_t *cycle)
ngx_queue_init(&ngx_posted_accept_events);
ngx_queue_init(&ngx_posted_events);
+ ngx_queue_init(&ngx_posted_delayed_events);
if (ngx_event_timer_init(cycle->log) == NGX_ERROR) {
return NGX_ERROR;
diff --git a/src/event/ngx_event_posted.c b/src/event/ngx_event_posted.c
index d851f3d1..b6cea009 100644
--- a/src/event/ngx_event_posted.c
+++ b/src/event/ngx_event_posted.c
@@ -12,6 +12,7 @@
ngx_queue_t ngx_posted_accept_events;
ngx_queue_t ngx_posted_events;
+ngx_queue_t ngx_posted_delayed_events;
void
diff --git a/src/event/ngx_event_posted.h b/src/event/ngx_event_posted.h
index 145d30fe..6c388553 100644
--- a/src/event/ngx_event_posted.h
+++ b/src/event/ngx_event_posted.h
@@ -43,6 +43,9 @@ void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted);
extern ngx_queue_t ngx_posted_accept_events;
extern ngx_queue_t ngx_posted_events;
+extern ngx_queue_t ngx_posted_delayed_events;
+
+#define HAVE_POSTED_DELAYED_EVENTS_PATCH
#endif /* _NGX_EVENT_POSTED_H_INCLUDED_ */

20
patches/nginx-1.19.9-hash_overflow.patch Normal file
View File

@ -0,0 +1,20 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1412276417 25200
# Thu Oct 02 12:00:17 2014 -0700
# Node ID 4032b992f23b054c1a2cfb0be879330d2c6708e5
# Parent 1ff0f68d9376e3d184d65814a6372856bf65cfcd
Hash: buffer overflow might happen when exceeding the pre-configured limits.
diff -r 1ff0f68d9376 -r 4032b992f23b src/core/ngx_hash.c
--- a/src/core/ngx_hash.c Tue Sep 30 15:50:28 2014 -0700
+++ b/src/core/ngx_hash.c Thu Oct 02 12:00:17 2014 -0700
@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t *hinit, ng
continue;
}
+ size--;
+
ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
"could not build optimal %s, you should increase "
"either %s_max_size: %i or %s_bucket_size: %i; "

59
patches/nginx-1.19.9-init_cycle_pool_release.patch Normal file
View File

@ -0,0 +1,59 @@
diff -rup nginx-1.19.9/src/core/nginx.c nginx-1.19.9-patched/src/core/nginx.c
--- nginx-1.19.9/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800
+++ nginx-1.19.9-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800
@@ -186,6 +186,7 @@ static u_char *ngx_prefix;
static u_char *ngx_conf_file;
static u_char *ngx_conf_params;
static char *ngx_signal;
+ngx_pool_t *saved_init_cycle_pool = NULL;
static char **ngx_os_environ;
@@ -253,6 +254,8 @@ main(int argc, char *const *argv)
return 1;
}
+ saved_init_cycle_pool = init_cycle.pool;
+
if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) {
return 1;
}
diff -rup nginx-1.19.9/src/core/ngx_core.h nginx-1.19.9-patched/src/core/ngx_core.h
--- nginx-1.19.9/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700
+++ nginx-1.19.9-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800
@@ -108,4 +108,6 @@ void ngx_cpuinfo(void);
#define NGX_DISABLE_SYMLINKS_NOTOWNER 2
#endif
+extern ngx_pool_t *saved_init_cycle_pool;
+
#endif /* _NGX_CORE_H_INCLUDED_ */
diff -rup nginx-1.19.9/src/core/ngx_cycle.c nginx-1.19.9-patched/src/core/ngx_cycle.c
--- nginx-1.19.9/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700
+++ nginx-1.19.9-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800
@@ -748,6 +748,10 @@ old_shm_zone_done:
if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) {
+ if (ngx_is_init_cycle(old_cycle)) {
+ saved_init_cycle_pool = NULL;
+ }
+
ngx_destroy_pool(old_cycle->pool);
cycle->old_cycle = NULL;
diff -rup nginx-1.19.9/src/os/unix/ngx_process_cycle.c nginx-1.19.9-patched/src/os/unix/ngx_process_cycle.c
--- nginx-1.19.9/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800
+++ nginx-1.19.9-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800
@@ -687,6 +692,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc
ngx_exit_cycle.files_n = ngx_cycle->files_n;
ngx_cycle = &ngx_exit_cycle;
+ if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) {
+ ngx_destroy_pool(saved_init_cycle_pool);
+ saved_init_cycle_pool = NULL;
+ }
+
ngx_destroy_pool(cycle->pool);
exit(0);

60
patches/nginx-1.19.9-intercept_error_log.patch Normal file
View File

@ -0,0 +1,60 @@
diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h
index c51b7ff..4c335b9 100644
--- a/src/core/ngx_cycle.h
+++ b/src/core/ngx_cycle.h
@@ -22,9 +22,14 @@
#define NGX_DEBUG_POINTS_ABORT 2
+#define HAVE_INTERCEPT_ERROR_LOG_PATCH
+
+
typedef struct ngx_shm_zone_s ngx_shm_zone_t;
typedef ngx_int_t (*ngx_shm_zone_init_pt) (ngx_shm_zone_t *zone, void *data);
+typedef ngx_int_t (*ngx_log_intercept_pt) (ngx_log_t *log, ngx_uint_t level,
+ u_char *buf, size_t len);
struct ngx_shm_zone_s {
void *data;
@@ -75,6 +80,10 @@ struct ngx_cycle_s {
ngx_str_t prefix;
ngx_str_t lock_file;
ngx_str_t hostname;
+
+ ngx_log_intercept_pt intercept_error_log_handler;
+ void *intercept_error_log_data;
+ unsigned entered_logger; /* :1 */
};
diff --git a/src/core/ngx_log.c b/src/core/ngx_log.c
index 8e9408d..ed9b11b 100644
--- a/src/core/ngx_log.c
+++ b/src/core/ngx_log.c
@@ -112,6 +112,8 @@ ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
ngx_uint_t wrote_stderr, debug_connection;
u_char errstr[NGX_MAX_ERROR_STR];
+ ngx_log_intercept_pt log_intercept = NULL;
+
last = errstr + NGX_MAX_ERROR_STR;
p = ngx_cpymem(errstr, ngx_cached_err_log_time.data,
@@ -153,6 +155,16 @@ ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
p = last - NGX_LINEFEED_SIZE;
}
+ if (ngx_cycle) {
+ log_intercept = ngx_cycle->intercept_error_log_handler;
+ }
+
+ if (log_intercept && !ngx_cycle->entered_logger) {
+ ngx_cycle->entered_logger = 1;
+ log_intercept(log, level, errstr, p - errstr);
+ ngx_cycle->entered_logger = 0;
+ }
+
ngx_linefeed(p);
wrote_stderr = 0;

13
patches/nginx-1.19.9-larger_max_error_str.patch Normal file
View File

@ -0,0 +1,13 @@
--- nginx-1.19.9/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700
+++ nginx-1.19.9-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800
@@ -64,7 +64,9 @@ struct ngx_log_s {
};
-#define NGX_MAX_ERROR_STR 2048
+#ifndef NGX_MAX_ERROR_STR
+#define NGX_MAX_ERROR_STR 4096
+#endif
/*********************************/

117
patches/nginx-1.19.9-log_escape_non_ascii.patch Normal file
View File

@ -0,0 +1,117 @@
diff --git a/src/http/modules/ngx_http_log_module.c b/src/http/modules/ngx_http_log_module.c
index 917ed55f..b769dfd3 100644
--- a/src/http/modules/ngx_http_log_module.c
+++ b/src/http/modules/ngx_http_log_module.c
@@ -79,6 +79,8 @@ typedef struct {
time_t open_file_cache_valid;
ngx_uint_t open_file_cache_min_uses;
+ ngx_flag_t escape_non_ascii;
+
ngx_uint_t off; /* unsigned off:1 */
} ngx_http_log_loc_conf_t;
@@ -131,7 +133,8 @@ static size_t ngx_http_log_variable_getlen(ngx_http_request_t *r,
uintptr_t data);
static u_char *ngx_http_log_variable(ngx_http_request_t *r, u_char *buf,
ngx_http_log_op_t *op);
-static uintptr_t ngx_http_log_escape(u_char *dst, u_char *src, size_t size);
+static uintptr_t ngx_http_log_escape(ngx_http_log_loc_conf_t *lcf, u_char *dst,
+ u_char *src, size_t size);
static size_t ngx_http_log_json_variable_getlen(ngx_http_request_t *r,
uintptr_t data);
static u_char *ngx_http_log_json_variable(ngx_http_request_t *r, u_char *buf,
@@ -177,6 +180,13 @@ static ngx_command_t ngx_http_log_commands[] = {
0,
NULL },
+ { ngx_string("log_escape_non_ascii"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_log_loc_conf_t, escape_non_ascii),
+ NULL },
+
ngx_null_command
};
@@ -935,6 +945,7 @@ static size_t
ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data)
{
uintptr_t len;
+ ngx_http_log_loc_conf_t *lcf;
ngx_http_variable_value_t *value;
value = ngx_http_get_indexed_variable(r, data);
@@ -943,7 +954,9 @@ ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data)
return 1;
}
- len = ngx_http_log_escape(NULL, value->data, value->len);
+ lcf = ngx_http_get_module_loc_conf(r, ngx_http_log_module);
+
+ len = ngx_http_log_escape(lcf, NULL, value->data, value->len);
value->escape = len ? 1 : 0;
@@ -954,6 +967,7 @@ ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data)
static u_char *
ngx_http_log_variable(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op)
{
+ ngx_http_log_loc_conf_t *lcf;
ngx_http_variable_value_t *value;
value = ngx_http_get_indexed_variable(r, op->data);
@@ -967,16 +981,18 @@ ngx_http_log_variable(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op)
return ngx_cpymem(buf, value->data, value->len);
} else {
- return (u_char *) ngx_http_log_escape(buf, value->data, value->len);
+ lcf = ngx_http_get_module_loc_conf(r, ngx_http_log_module);
+ return (u_char *) ngx_http_log_escape(lcf, buf, value->data, value->len);
}
}
static uintptr_t
-ngx_http_log_escape(u_char *dst, u_char *src, size_t size)
+ngx_http_log_escape(ngx_http_log_loc_conf_t *lcf, u_char *dst, u_char *src,
+ size_t size)
{
- ngx_uint_t n;
- static u_char hex[] = "0123456789ABCDEF";
+ ngx_uint_t n;
+ static u_char hex[] = "0123456789ABCDEF";
static uint32_t escape[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
@@ -996,6 +1012,12 @@ ngx_http_log_escape(u_char *dst, u_char *src, size_t size)
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};
+ if (lcf->escape_non_ascii) {
+ ngx_memset(&escape[4], 0xff, sizeof(uint32_t) * 4);
+
+ } else {
+ ngx_memzero(&escape[4], sizeof(uint32_t) * 4);
+ }
if (dst == NULL) {
@@ -1120,6 +1142,7 @@ ngx_http_log_create_loc_conf(ngx_conf_t *cf)
}
conf->open_file_cache = NGX_CONF_UNSET_PTR;
+ conf->escape_non_ascii = NGX_CONF_UNSET;
return conf;
}
@@ -1135,6 +1158,8 @@ ngx_http_log_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_http_log_fmt_t *fmt;
ngx_http_log_main_conf_t *lmcf;
+ ngx_conf_merge_value(conf->escape_non_ascii, prev->escape_non_ascii, 1);
+
if (conf->open_file_cache == NGX_CONF_UNSET_PTR) {
conf->open_file_cache = prev->open_file_cache;

36
patches/nginx-1.19.9-no_Werror.patch Normal file
View File

@ -0,0 +1,36 @@
diff -urp nginx-1.19.9/auto/cc/clang nginx-1.19.9-patched/auto/cc/clang
--- nginx-1.19.9/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800
+++ nginx-1.19.9-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700
@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali
CFLAGS="$CFLAGS -Wno-unused-parameter"
# stop on warning
-CFLAGS="$CFLAGS -Werror"
+#CFLAGS="$CFLAGS -Werror"
# debug
CFLAGS="$CFLAGS -g"
diff -urp nginx-1.19.9/auto/cc/gcc nginx-1.19.9-patched/auto/cc/gcc
--- nginx-1.19.9/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800
+++ nginx-1.19.9-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700
@@ -168,7 +168,7 @@ esac
# stop on warning
-CFLAGS="$CFLAGS -Werror"
+#CFLAGS="$CFLAGS -Werror"
# debug
CFLAGS="$CFLAGS -g"
diff -urp nginx-1.19.9/auto/cc/icc nginx-1.19.9-patched/auto/cc/icc
--- nginx-1.19.9/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800
+++ nginx-1.19.9-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700
@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in
esac
# stop on warning
-CFLAGS="$CFLAGS -Werror"
+#CFLAGS="$CFLAGS -Werror"
# debug
CFLAGS="$CFLAGS -g"

91
patches/nginx-1.19.9-no_error_pages.patch Normal file
View File

@ -0,0 +1,91 @@
diff -upr nginx-1.19.9/src/http/ngx_http_core_module.c nginx-1.19.9-patched/src/http/ngx_http_core_module.c
--- nginx-1.19.9/src/http/ngx_http_core_module.c 2017-08-31 18:14:41.000000000 -0700
+++ nginx-1.19.9-patched/src/http/ngx_http_core_module.c 2017-08-31 18:21:31.638098196 -0700
@@ -61,6 +61,8 @@ static char *ngx_http_core_directio(ngx_
void *conf);
static char *ngx_http_core_error_page(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+static char *ngx_http_core_no_error_pages(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
static char *ngx_http_core_open_file_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_core_error_log(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -647,6 +649,14 @@ static ngx_command_t ngx_http_core_comm
0,
NULL },
+ { ngx_string("no_error_pages"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
+ |NGX_CONF_NOARGS,
+ ngx_http_core_no_error_pages,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
{ ngx_string("post_action"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
|NGX_CONF_TAKE1,
@@ -3334,7 +3344,6 @@ ngx_http_core_create_loc_conf(ngx_conf_t
* clcf->types = NULL;
* clcf->default_type = { 0, NULL };
* clcf->error_log = NULL;
- * clcf->error_pages = NULL;
* clcf->client_body_path = NULL;
* clcf->regex = NULL;
* clcf->exact_match = 0;
@@ -3344,6 +3353,7 @@ ngx_http_core_create_loc_conf(ngx_conf_t
* clcf->keepalive_disable = 0;
*/
+ clcf->error_pages = NGX_CONF_UNSET_PTR;
clcf->client_max_body_size = NGX_CONF_UNSET;
clcf->client_body_buffer_size = NGX_CONF_UNSET_SIZE;
clcf->client_body_timeout = NGX_CONF_UNSET_MSEC;
@@ -3543,9 +3553,7 @@ ngx_http_core_merge_loc_conf(ngx_conf_t
}
}
- if (conf->error_pages == NULL && prev->error_pages) {
- conf->error_pages = prev->error_pages;
- }
+ ngx_conf_merge_ptr_value(conf->error_pages, prev->error_pages, NULL);
ngx_conf_merge_str_value(conf->default_type,
prev->default_type, "text/plain");
@@ -4553,6 +4561,10 @@ ngx_http_core_error_page(ngx_conf_t *cf,
ngx_http_compile_complex_value_t ccv;
if (clcf->error_pages == NULL) {
+ return "conflicts with \"no_error_pages\"";
+ }
+
+ if (clcf->error_pages == NGX_CONF_UNSET_PTR) {
clcf->error_pages = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_err_page_t));
if (clcf->error_pages == NULL) {
@@ -4655,6 +4667,25 @@ ngx_http_core_error_page(ngx_conf_t *cf,
return NGX_CONF_OK;
}
+
+
+static char *
+ngx_http_core_no_error_pages(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_core_loc_conf_t *clcf = conf;
+
+ if (clcf->error_pages == NULL) {
+ return "is duplicate";
+ }
+
+ if (clcf->error_pages != NGX_CONF_UNSET_PTR) {
+ return "conflicts with \"error_page\"";
+ }
+
+ clcf->error_pages = NULL;
+
+ return NGX_CONF_OK;
+}
static char *

587
patches/nginx-1.19.9-no_pool.patch Normal file
View File

@ -0,0 +1,587 @@
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.9/src/core/nginx.h nginx-1.19.9-patched/src/core/nginx.h
--- nginx-1.19.9/src/core/nginx.h 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.9-patched/src/core/nginx.h 2016-04-21 16:25:07.452944624 -0700
@@ -10,7 +10,7 @@
#define nginx_version 1019009
#define NGINX_VERSION "1.19.9"
-#define NGINX_VER "openresty/" NGINX_VERSION ".unknown"
+#define NGINX_VER "openresty/" NGINX_VERSION ".unknown (no pool)"
#ifdef NGX_BUILD
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.9/src/core/ngx_array.c nginx-1.19.9-patched/src/core/ngx_array.c
--- nginx-1.19.9/src/core/ngx_array.c 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.9-patched/src/core/ngx_array.c 2016-04-21 16:25:07.453947190 -0700
@@ -30,26 +30,30 @@ ngx_array_create(ngx_pool_t *p, ngx_uint
void
ngx_array_destroy(ngx_array_t *a)
{
- ngx_pool_t *p;
+ ngx_pool_t *p;
+ ngx_array_link_t *link;
p = a->pool;
- if ((u_char *) a->elts + a->size * a->nalloc == p->d.last) {
- p->d.last -= a->size * a->nalloc;
+ if (a->elts) {
+ ngx_pfree(p, a->elts);
}
- if ((u_char *) a + sizeof(ngx_array_t) == p->d.last) {
- p->d.last = (u_char *) a;
+ for (link = a->old_elts; link; link = link->next) {
+ ngx_pfree(p, link->elts);
}
+
+ ngx_pfree(p, a);
}
void *
ngx_array_push(ngx_array_t *a)
{
- void *elt, *new;
- size_t size;
- ngx_pool_t *p;
+ void *elt, *new;
+ size_t size;
+ ngx_pool_t *p;
+ ngx_array_link_t *link;
if (a->nelts == a->nalloc) {
@@ -59,29 +63,27 @@ ngx_array_push(ngx_array_t *a)
p = a->pool;
- if ((u_char *) a->elts + size == p->d.last
- && p->d.last + a->size <= p->d.end)
- {
- /*
- * the array allocation is the last in the pool
- * and there is space for new allocation
- */
-
- p->d.last += a->size;
- a->nalloc++;
+ /* allocate a new array */
- } else {
- /* allocate a new array */
+ new = ngx_palloc(p, 2 * size);
+ if (new == NULL) {
+ return NULL;
+ }
- new = ngx_palloc(p, 2 * size);
- if (new == NULL) {
- return NULL;
- }
+ ngx_memcpy(new, a->elts, size);
- ngx_memcpy(new, a->elts, size);
- a->elts = new;
- a->nalloc *= 2;
+ link = ngx_palloc(p, sizeof(ngx_array_link_t));
+ if (link == NULL) {
+ ngx_pfree(p, new);
+ return NULL;
}
+
+ link->next = a->old_elts;
+ link->elts = a->elts;
+ a->old_elts = link;
+
+ a->elts = new;
+ a->nalloc *= 2;
}
elt = (u_char *) a->elts + a->size * a->nelts;
@@ -95,11 +97,10 @@ void *
ngx_array_push_n(ngx_array_t *a, ngx_uint_t n)
{
void *elt, *new;
- size_t size;
ngx_uint_t nalloc;
ngx_pool_t *p;
- size = n * a->size;
+ ngx_array_link_t *link;
if (a->nelts + n > a->nalloc) {
@@ -107,31 +108,27 @@ ngx_array_push_n(ngx_array_t *a, ngx_uin
p = a->pool;
- if ((u_char *) a->elts + a->size * a->nalloc == p->d.last
- && p->d.last + size <= p->d.end)
- {
- /*
- * the array allocation is the last in the pool
- * and there is space for new allocation
- */
+ nalloc = 2 * ((n >= a->nalloc) ? n : a->nalloc);
- p->d.last += size;
- a->nalloc += n;
+ new = ngx_palloc(p, nalloc * a->size);
+ if (new == NULL) {
+ return NULL;
+ }
- } else {
- /* allocate a new array */
+ ngx_memcpy(new, a->elts, a->nelts * a->size);
- nalloc = 2 * ((n >= a->nalloc) ? n : a->nalloc);
+ link = ngx_palloc(p, sizeof(ngx_array_link_t));
+ if (link == NULL) {
+ ngx_pfree(p, new);
+ return NULL;
+ }
- new = ngx_palloc(p, nalloc * a->size);
- if (new == NULL) {
- return NULL;
- }
+ link->next = a->old_elts;
+ link->elts = a->elts;
+ a->old_elts = link;
- ngx_memcpy(new, a->elts, a->nelts * a->size);
- a->elts = new;
- a->nalloc = nalloc;
- }
+ a->elts = new;
+ a->nalloc = nalloc;
}
elt = (u_char *) a->elts + a->size * a->nelts;
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.9/src/core/ngx_array.h nginx-1.19.9-patched/src/core/ngx_array.h
--- nginx-1.19.9/src/core/ngx_array.h 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.9-patched/src/core/ngx_array.h 2016-04-21 16:25:07.453947190 -0700
@@ -13,12 +13,23 @@
#include <ngx_core.h>
+typedef struct ngx_array_link_s ngx_array_link_t;
+
+
+struct ngx_array_link_s {
+ void *elts;
+ ngx_array_link_t *next;
+};
+
+
typedef struct {
void *elts;
ngx_uint_t nelts;
size_t size;
ngx_uint_t nalloc;
ngx_pool_t *pool;
+
+ ngx_array_link_t *old_elts;
} ngx_array_t;
@@ -40,6 +51,7 @@ ngx_array_init(ngx_array_t *array, ngx_p
array->size = size;
array->nalloc = n;
array->pool = pool;
+ array->old_elts = NULL;
array->elts = ngx_palloc(pool, n * size);
if (array->elts == NULL) {
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.9/src/core/ngx_palloc.c nginx-1.19.9-patched/src/core/ngx_palloc.c
--- nginx-1.19.9/src/core/ngx_palloc.c 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.9-patched/src/core/ngx_palloc.c 2016-04-21 16:25:45.912282685 -0700
@@ -9,34 +9,26 @@
#include <ngx_core.h>
-static ngx_inline void *ngx_palloc_small(ngx_pool_t *pool, size_t size,
- ngx_uint_t align);
-static void *ngx_palloc_block(ngx_pool_t *pool, size_t size);
-static void *ngx_palloc_large(ngx_pool_t *pool, size_t size);
+static void * ngx_malloc(ngx_pool_t *pool, size_t size);
ngx_pool_t *
ngx_create_pool(size_t size, ngx_log_t *log)
{
- ngx_pool_t *p;
+ ngx_pool_t *p;
- p = ngx_memalign(NGX_POOL_ALIGNMENT, size, log);
+ size = sizeof(ngx_pool_t);
+ p = ngx_alloc(size, log);
if (p == NULL) {
return NULL;
}
- p->d.last = (u_char *) p + sizeof(ngx_pool_t);
- p->d.end = (u_char *) p + size;
- p->d.next = NULL;
- p->d.failed = 0;
+ ngx_memzero(p, size);
size = size - sizeof(ngx_pool_t);
p->max = (size < NGX_MAX_ALLOC_FROM_POOL) ? size : NGX_MAX_ALLOC_FROM_POOL;
p->current = p;
- p->chain = NULL;
- p->large = NULL;
- p->cleanup = NULL;
p->log = log;
return p;
@@ -46,8 +38,7 @@ ngx_create_pool(size_t size, ngx_log_t *
void
ngx_destroy_pool(ngx_pool_t *pool)
{
- ngx_pool_t *p, *n;
- ngx_pool_large_t *l;
+ ngx_pool_data_t *d, *n;
ngx_pool_cleanup_t *c;
for (c = pool->cleanup; c; c = c->next) {
@@ -58,6 +49,11 @@ ngx_destroy_pool(ngx_pool_t *pool)
}
}
+ if (pool->d == NULL) {
+ ngx_free(pool);
+ return;
+ }
+
#if (NGX_DEBUG)
/*
@@ -65,13 +61,9 @@ ngx_destroy_pool(ngx_pool_t *pool)
* so we cannot use this log while free()ing the pool
*/
- for (l = pool->large; l; l = l->next) {
- ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, pool->log, 0, "free: %p", l->alloc);
- }
-
- for (p = pool, n = pool->d.next; /* void */; p = n, n = n->d.next) {
+ for (d = pool->d, n = d->next; ; d = n, n = n->next) {
ngx_log_debug2(NGX_LOG_DEBUG_ALLOC, pool->log, 0,
- "free: %p, unused: %uz", p, p->d.end - p->d.last);
+ "free: %p, unused: %d", d, 0);
if (n == NULL) {
break;
@@ -80,171 +72,82 @@ ngx_destroy_pool(ngx_pool_t *pool)
#endif
- for (l = pool->large; l; l = l->next) {
- if (l->alloc) {
- ngx_free(l->alloc);
- }
- }
-
- for (p = pool, n = pool->d.next; /* void */; p = n, n = n->d.next) {
- ngx_free(p);
+ for (d = pool->d, n = d->next; ; d = n, n = n->next) {
+ ngx_free(d->alloc);
+ ngx_free(d);
if (n == NULL) {
break;
}
}
+
+ pool->d = NULL;
+ ngx_free(pool);
}
void
ngx_reset_pool(ngx_pool_t *pool)
{
- ngx_pool_t *p;
- ngx_pool_large_t *l;
+ ngx_pool_data_t *d, *n;
+ ngx_pool_data_t *saved = NULL;
- for (l = pool->large; l; l = l->next) {
- if (l->alloc) {
- ngx_free(l->alloc);
+ if (pool->d) {
+ for (d = pool->d, n = d->next; ; d = n, n = n->next) {
+ if (d->alloc == pool->log) {
+ saved = d;
+ continue;
+ }
+
+ ngx_free(d->alloc);
+ ngx_free(d);
+
+ if (n == NULL) {
+ break;
+ }
}
- }
- for (p = pool; p; p = p->d.next) {
- p->d.last = (u_char *) p + sizeof(ngx_pool_t);
- p->d.failed = 0;
+ pool->d = saved;
+ pool->current = pool;
+ pool->chain = NULL;
}
-
- pool->current = pool;
- pool->chain = NULL;
- pool->large = NULL;
}
void *
ngx_palloc(ngx_pool_t *pool, size_t size)
{
-#if !(NGX_DEBUG_PALLOC)
- if (size <= pool->max) {
- return ngx_palloc_small(pool, size, 1);
- }
-#endif
-
- return ngx_palloc_large(pool, size);
+ return ngx_malloc(pool, size);
}
void *
ngx_pnalloc(ngx_pool_t *pool, size_t size)
{
-#if !(NGX_DEBUG_PALLOC)
- if (size <= pool->max) {
- return ngx_palloc_small(pool, size, 0);
- }
-#endif
-
- return ngx_palloc_large(pool, size);
-}
-
-
-static ngx_inline void *
-ngx_palloc_small(ngx_pool_t *pool, size_t size, ngx_uint_t align)
-{
- u_char *m;
- ngx_pool_t *p;
-
- p = pool->current;
-
- do {
- m = p->d.last;
-
- if (align) {
- m = ngx_align_ptr(m, NGX_ALIGNMENT);
- }
-
- if ((size_t) (p->d.end - m) >= size) {
- p->d.last = m + size;
-
- return m;
- }
-
- p = p->d.next;
-
- } while (p);
-
- return ngx_palloc_block(pool, size);
-}
-
-
-static void *
-ngx_palloc_block(ngx_pool_t *pool, size_t size)
-{
- u_char *m;
- size_t psize;
- ngx_pool_t *p, *new;
-
- psize = (size_t) (pool->d.end - (u_char *) pool);
-
- m = ngx_memalign(NGX_POOL_ALIGNMENT, psize, pool->log);
- if (m == NULL) {
- return NULL;
- }
-
- new = (ngx_pool_t *) m;
-
- new->d.end = m + psize;
- new->d.next = NULL;
- new->d.failed = 0;
-
- m += sizeof(ngx_pool_data_t);
- m = ngx_align_ptr(m, NGX_ALIGNMENT);
- new->d.last = m + size;
-
- for (p = pool->current; p->d.next; p = p->d.next) {
- if (p->d.failed++ > 4) {
- pool->current = p->d.next;
- }
- }
-
- p->d.next = new;
-
- return m;
+ return ngx_malloc(pool, size);
}
static void *
-ngx_palloc_large(ngx_pool_t *pool, size_t size)
+ngx_malloc(ngx_pool_t *pool, size_t size)
{
- void *p;
- ngx_uint_t n;
- ngx_pool_large_t *large;
+ void *p;
+ ngx_pool_data_t *d;
p = ngx_alloc(size, pool->log);
if (p == NULL) {
return NULL;
}
- n = 0;
-
- for (large = pool->large; large; large = large->next) {
- if (large->alloc == NULL) {
- large->alloc = p;
- return p;
- }
-
- if (n++ > 3) {
- break;
- }
- }
-
- large = ngx_palloc_small(pool, sizeof(ngx_pool_large_t), 1);
- if (large == NULL) {
+ d = ngx_alloc(sizeof(ngx_pool_data_t), pool->log);
+ if (d == NULL){
ngx_free(p);
return NULL;
}
- large->alloc = p;
- large->next = pool->large;
- pool->large = large;
-
+ d->alloc = p;
+ d->next = pool->d;
+ pool->d = d;
return p;
}
@@ -253,38 +156,48 @@ void *
ngx_pmemalign(ngx_pool_t *pool, size_t size, size_t alignment)
{
void *p;
- ngx_pool_large_t *large;
+ ngx_pool_data_t *d;
p = ngx_memalign(alignment, size, pool->log);
if (p == NULL) {
return NULL;
}
- large = ngx_palloc_small(pool, sizeof(ngx_pool_large_t), 1);
- if (large == NULL) {
+ d = ngx_alloc(sizeof(ngx_pool_data_t), pool->log);
+ if (d == NULL){
ngx_free(p);
return NULL;
}
- large->alloc = p;
- large->next = pool->large;
- pool->large = large;
-
+ d->alloc = p;
+ d->next = pool->d;
+ pool->d = d;
return p;
}
ngx_int_t
-ngx_pfree(ngx_pool_t *pool, void *p)
+ngx_pfree(ngx_pool_t *pool, void *data)
{
- ngx_pool_large_t *l;
+ ngx_pool_data_t *p, *d;
- for (l = pool->large; l; l = l->next) {
- if (p == l->alloc) {
- ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, pool->log, 0,
- "free: %p", l->alloc);
- ngx_free(l->alloc);
- l->alloc = NULL;
+ p = NULL;
+ for (d = pool->d; d; p = d, d = d->next) {
+ if (data == d->alloc) {
+
+ ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, pool->log, 0, "free: %p", d->alloc);
+
+ ngx_free(d->alloc);
+ d->alloc = NULL;
+
+ if (p) {
+ p->next = d->next;
+
+ } else {
+ pool->d = d->next;
+ }
+
+ ngx_free(d);
return NGX_OK;
}
diff --minimal '--exclude=*.swp' '--exclude=*~' -up nginx-1.19.9/src/core/ngx_palloc.h nginx-1.19.9-patched/src/core/ngx_palloc.h
--- nginx-1.19.9/src/core/ngx_palloc.h 2016-04-19 09:02:38.000000000 -0700
+++ nginx-1.19.9-patched/src/core/ngx_palloc.h 2016-04-21 16:25:07.454949755 -0700
@@ -38,28 +38,21 @@ struct ngx_pool_cleanup_s {
};
-typedef struct ngx_pool_large_s ngx_pool_large_t;
-
-struct ngx_pool_large_s {
- ngx_pool_large_t *next;
- void *alloc;
-};
+typedef struct ngx_pool_data_s ngx_pool_large_t;
+typedef struct ngx_pool_data_s ngx_pool_data_t;
-typedef struct {
- u_char *last;
- u_char *end;
- ngx_pool_t *next;
- ngx_uint_t failed;
-} ngx_pool_data_t;
+struct ngx_pool_data_s {
+ ngx_pool_data_t *next;
+ void *alloc;
+};
struct ngx_pool_s {
- ngx_pool_data_t d;
+ ngx_pool_data_t *d;
size_t max;
ngx_pool_t *current;
ngx_chain_t *chain;
- ngx_pool_large_t *large;
ngx_pool_cleanup_t *cleanup;
ngx_log_t *log;
};

26
patches/nginx-1.19.9-pcre_conf_opt.patch Normal file
View File

@ -0,0 +1,26 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1386694955 28800
# Node ID 9ba6b149669f1f02eeb4cdc0ebd364a949b5c469
# Parent 30e806b8636af5fd3f03ec17df24801f390f7511
Configure: added new option --with-pcre-conf-opt=OPTIONS.
diff -r 30e806b8636a -r 9ba6b149669f auto/options
--- a/auto/options Mon Dec 09 10:16:44 2013 +0400
+++ b/auto/options Tue Dec 10 09:02:35 2013 -0800
@@ -286,6 +286,7 @@
--with-pcre) USE_PCRE=YES ;;
--with-pcre=*) PCRE="$value" ;;
--with-pcre-opt=*) PCRE_OPT="$value" ;;
+ --with-pcre-conf-opt=*) PCRE_CONF_OPT="$value" ;;
--with-pcre-jit) PCRE_JIT=YES ;;
--with-openssl=*) OPENSSL="$value" ;;
@@ -441,6 +442,7 @@
--with-pcre force PCRE library usage
--with-pcre=DIR set path to PCRE library sources
--with-pcre-opt=OPTIONS set additional build options for PCRE
+ --with-pcre-conf-opt=OPTIONS set additional configure options for PCRE
--with-pcre-jit build PCRE with JIT compilation support
--with-md5=DIR set path to md5 library sources

203
patches/nginx-1.19.9-privileged_agent_process.patch Normal file
View File

@ -0,0 +1,203 @@
diff --git a/src/core/nginx.c b/src/core/nginx.c
index 60f8fe7..4bd244b 100644
--- a/src/core/nginx.c
+++ b/src/core/nginx.c
@@ -981,6 +981,7 @@ ngx_core_module_create_conf(ngx_cycle_t *cycle)
ccf->daemon = NGX_CONF_UNSET;
ccf->master = NGX_CONF_UNSET;
+ ccf->privileged_agent = NGX_CONF_UNSET;
ccf->timer_resolution = NGX_CONF_UNSET_MSEC;
ccf->worker_processes = NGX_CONF_UNSET;
@@ -1009,6 +1010,7 @@ ngx_core_module_init_conf(ngx_cycle_t *cycle, void *conf)
ngx_conf_init_value(ccf->daemon, 1);
ngx_conf_init_value(ccf->master, 1);
+ ngx_conf_init_value(ccf->privileged_agent, 0);
ngx_conf_init_msec_value(ccf->timer_resolution, 0);
ngx_conf_init_value(ccf->worker_processes, 1);
diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h
index c51b7ff..3261f90 100644
--- a/src/core/ngx_cycle.h
+++ b/src/core/ngx_cycle.h
@@ -22,6 +22,9 @@
#define NGX_DEBUG_POINTS_ABORT 2
+#define HAVE_PRIVILEGED_PROCESS_PATCH 1
+
+
typedef struct ngx_shm_zone_s ngx_shm_zone_t;
typedef ngx_int_t (*ngx_shm_zone_init_pt) (ngx_shm_zone_t *zone, void *data);
@@ -81,6 +84,7 @@ struct ngx_cycle_s {
typedef struct {
ngx_flag_t daemon;
ngx_flag_t master;
+ ngx_flag_t privileged_agent;
ngx_msec_t timer_resolution;
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index 7cee1c5..c4f70d6 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -15,6 +15,8 @@ static void ngx_start_worker_processes(ngx_cycle_t *cycle, ngx_int_t n,
ngx_int_t type);
static void ngx_start_cache_manager_processes(ngx_cycle_t *cycle,
ngx_uint_t respawn);
+static void ngx_start_privileged_agent_processes(ngx_cycle_t *cycle,
+ ngx_uint_t respawn);
static void ngx_pass_open_channel(ngx_cycle_t *cycle);
static void ngx_signal_worker_processes(ngx_cycle_t *cycle, int signo);
static ngx_uint_t ngx_reap_children(ngx_cycle_t *cycle);
@@ -24,6 +26,7 @@ static void ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker);
static void ngx_worker_process_exit(ngx_cycle_t *cycle);
static void ngx_channel_handler(ngx_event_t *ev);
static void ngx_cache_manager_process_cycle(ngx_cycle_t *cycle, void *data);
+static void ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data);
static void ngx_cache_manager_process_handler(ngx_event_t *ev);
static void ngx_cache_loader_process_handler(ngx_event_t *ev);
@@ -51,6 +54,8 @@ sig_atomic_t ngx_noaccept;
ngx_uint_t ngx_noaccepting;
ngx_uint_t ngx_restart;
+ngx_uint_t ngx_is_privileged_agent;
+
static u_char master_process[] = "master process";
@@ -130,6 +135,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_RESPAWN);
ngx_start_cache_manager_processes(cycle, 0);
+ ngx_start_privileged_agent_processes(cycle, 0);
ngx_new_binary = 0;
delay = 0;
@@ -215,6 +221,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_RESPAWN);
ngx_start_cache_manager_processes(cycle, 0);
+ ngx_start_privileged_agent_processes(cycle, 0);
ngx_noaccepting = 0;
continue;
@@ -234,6 +241,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_JUST_RESPAWN);
ngx_start_cache_manager_processes(cycle, 1);
+ ngx_start_privileged_agent_processes(cycle, 1);
/* allow new processes to start */
ngx_msleep(100);
@@ -248,6 +256,7 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_RESPAWN);
ngx_start_cache_manager_processes(cycle, 0);
+ ngx_start_privileged_agent_processes(cycle, 0);
live = 1;
}
@@ -393,6 +431,26 @@ ngx_start_cache_manager_processes(ngx_cycle_t *cycle, ngx_uint_t respawn)
static void
+ngx_start_privileged_agent_processes(ngx_cycle_t *cycle, ngx_uint_t respawn)
+{
+ ngx_core_conf_t *ccf;
+
+ ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx,
+ ngx_core_module);
+
+ if (!ccf->privileged_agent) {
+ return;
+ }
+
+ ngx_spawn_process(cycle, ngx_privileged_agent_process_cycle,
+ "privileged agent process", "privileged agent process",
+ respawn ? NGX_PROCESS_JUST_RESPAWN : NGX_PROCESS_RESPAWN);
+
+ ngx_pass_open_channel(cycle);
+}
+
+
+static void
ngx_pass_open_channel(ngx_cycle_t *cycle)
{
ngx_int_t i;
@@ -794,7 +860,10 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker)
}
}
- if (geteuid() == 0) {
+ /*
+ * privileged agent process has the same permission as master process
+ */
+ if (!ngx_is_privileged_agent && geteuid() == 0) {
if (setgid(ccf->group) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"setgid(%d) failed", ccf->group);
@@ -1149,6 +1216,47 @@ ngx_cache_manager_process_cycle(ngx_cycle_t *cycle, void *data)
static void
+ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data)
+{
+ char *name = data;
+
+ /*
+ * Set correct process type since closing listening Unix domain socket
+ * in a master process also removes the Unix domain socket file.
+ */
+ ngx_process = NGX_PROCESS_HELPER;
+ ngx_is_privileged_agent = 1;
+
+ ngx_close_listening_sockets(cycle);
+
+ /* Set a moderate number of connections for a helper process. */
+ cycle->connection_n = 512;
+
+ ngx_worker_process_init(cycle, -1);
+
+ ngx_use_accept_mutex = 0;
+
+ ngx_setproctitle(name);
+
+ for ( ;; ) {
+
+ if (ngx_terminate || ngx_quit) {
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
+ ngx_worker_process_exit(cycle);
+ }
+
+ if (ngx_reopen) {
+ ngx_reopen = 0;
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reopening logs");
+ ngx_reopen_files(cycle, -1);
+ }
+
+ ngx_process_events_and_timers(cycle);
+ }
+}
+
+
+static void
ngx_cache_manager_process_handler(ngx_event_t *ev)
{
time_t next, n;
diff --git a/src/os/unix/ngx_process_cycle.h b/src/os/unix/ngx_process_cycle.h
index 69495d5..5149396 100644
--- a/src/os/unix/ngx_process_cycle.h
+++ b/src/os/unix/ngx_process_cycle.h
@@ -45,6 +45,7 @@ extern ngx_pid_t ngx_new_binary;
extern ngx_uint_t ngx_inherited;
extern ngx_uint_t ngx_daemonized;
extern ngx_uint_t ngx_exiting;
+extern ngx_uint_t ngx_is_privileged_agent;
extern sig_atomic_t ngx_reap;
extern sig_atomic_t ngx_sigio;

73
patches/nginx-1.19.9-privileged_agent_process_connections.patch Normal file
View File

@ -0,0 +1,73 @@
diff --git a/src/core/nginx.c b/src/core/nginx.c
index 269ff84..48329bd 100644
--- a/src/core/nginx.c
+++ b/src/core/nginx.c
@@ -1062,6 +1062,7 @@ ngx_core_module_create_conf(ngx_cycle_t *cycle)
ccf->daemon = NGX_CONF_UNSET;
ccf->master = NGX_CONF_UNSET;
ccf->privileged_agent = NGX_CONF_UNSET;
+ ccf->privileged_agent_connections = NGX_CONF_UNSET_UINT;
ccf->timer_resolution = NGX_CONF_UNSET_MSEC;
ccf->shutdown_timeout = NGX_CONF_UNSET_MSEC;
@@ -1092,6 +1093,7 @@ ngx_core_module_init_conf(ngx_cycle_t *cycle, void *conf)
ngx_conf_init_value(ccf->daemon, 1);
ngx_conf_init_value(ccf->master, 1);
ngx_conf_init_value(ccf->privileged_agent, 0);
+ ngx_conf_init_uint_value(ccf->privileged_agent_connections, 512);
ngx_conf_init_msec_value(ccf->timer_resolution, 0);
ngx_conf_init_msec_value(ccf->shutdown_timeout, 0);
diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h
index 6a9583e..4469390 100644
--- a/src/core/ngx_cycle.h
+++ b/src/core/ngx_cycle.h
@@ -93,6 +93,7 @@ typedef struct {
ngx_flag_t daemon;
ngx_flag_t master;
ngx_flag_t privileged_agent;
+ ngx_uint_t privileged_agent_connections;
ngx_msec_t timer_resolution;
ngx_msec_t shutdown_timeout;
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index df25f9d..bd259c1 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -1179,6 +1179,7 @@ static void
ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data)
{
char *name = data;
+ ngx_core_conf_t *ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module);
/*
* Set correct process type since closing listening Unix domain socket
@@ -1190,7 +1191,7 @@ ngx_privileged_agent_process_cycle(ngx_cycle_t *cycle, void *data)
ngx_close_listening_sockets(cycle);
/* Set a moderate number of connections for a helper process. */
- cycle->connection_n = 512;
+ cycle->connection_n = ccf->privileged_agent_connections;
ngx_worker_process_init(cycle, -1);
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index df25f9d..bd259c1 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -442,6 +442,15 @@
return;
}
+ /* 0 is an illegal value and may result in a core dump later */
+ if (ccf->privileged_agent_connections == 0) {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, 0,
+ "%ui worker_connection is not enough, "
+ "privileged agent process cannot be spawned",
+ ccf->privileged_agent_connections);
+ return;
+ }
+
ngx_spawn_process(cycle, ngx_privileged_agent_process_cycle,
"privileged agent process", "privileged agent process",
respawn ? NGX_PROCESS_JUST_RESPAWN : NGX_PROCESS_RESPAWN);

19
patches/nginx-1.19.9-proxy_host_port_vars.patch Normal file
View File

@ -0,0 +1,19 @@
--- nginx-1.19.9/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800
+++ nginx-1.19.9-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800
@@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach
static ngx_http_variable_t ngx_http_proxy_vars[] = {
{ ngx_string("proxy_host"), NULL, ngx_http_proxy_host_variable, 0,
- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("proxy_port"), NULL, ngx_http_proxy_port_variable, 0,
- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("proxy_add_x_forwarded_for"), NULL,
- ngx_http_proxy_add_x_forwarded_for_variable, 0, NGX_HTTP_VAR_NOHASH, 0 },
+ ngx_http_proxy_add_x_forwarded_for_variable, 0, 0, 0 },
#if 0
{ ngx_string("proxy_add_via"), NULL, NULL, 0, NGX_HTTP_VAR_NOHASH, 0 },

263
patches/nginx-1.19.9-resolver_conf_parsing.patch Normal file
View File

@ -0,0 +1,263 @@
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index cd55520c..dade1846 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -9,12 +9,26 @@
#include <ngx_core.h>
#include <ngx_event.h>
+#if !(NGX_WIN32)
+#include <resolv.h>
+#endif
+
#define NGX_RESOLVER_UDP_SIZE 4096
#define NGX_RESOLVER_TCP_RSIZE (2 + 65535)
#define NGX_RESOLVER_TCP_WSIZE 8192
+#if !(NGX_WIN32)
+/*
+ * note that 2KB should be more than enough for majority of the
+ * resolv.conf files out there. it also acts as a safety guard to prevent
+ * abuse.
+ */
+#define NGX_RESOLVER_FILE_BUF_SIZE 2048
+#define NGX_RESOLVER_FILE_NAME "/etc/resolv.conf"
+#endif
+
typedef struct {
u_char ident_hi;
@@ -131,6 +145,191 @@ static ngx_resolver_node_t *ngx_resolver_lookup_addr6(ngx_resolver_t *r,
#endif
+#if !(NGX_WIN32)
+static ngx_int_t
+ngx_resolver_read_resolv_conf(ngx_conf_t *cf, ngx_resolver_t *r, u_char *path,
+ size_t path_len)
+{
+ ngx_url_t u;
+ ngx_resolver_connection_t *rec;
+ ngx_fd_t fd;
+ ngx_file_t file;
+ u_char buf[NGX_RESOLVER_FILE_BUF_SIZE];
+ u_char ipv6_buf[NGX_INET6_ADDRSTRLEN];
+ ngx_uint_t address = 0, j, total = 0;
+ ssize_t n, i;
+ enum {
+ sw_nameserver,
+ sw_spaces,
+ sw_address,
+ sw_skip
+ } state;
+
+ file.name.data = path;
+ file.name.len = path_len;
+
+ if (ngx_conf_full_name(cf->cycle, &file.name, 1) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY,
+ NGX_FILE_OPEN, 0);
+
+ if (fd == NGX_INVALID_FILE) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
+ ngx_open_file_n " \"%s\" failed", file.name.data);
+
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(&file, sizeof(ngx_file_t));
+
+ file.fd = fd;
+ file.log = cf->log;
+
+ state = sw_nameserver;
+
+ n = ngx_read_file(&file, buf, NGX_RESOLVER_FILE_BUF_SIZE, 0);
+
+ if (n == NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno,
+ ngx_read_file_n " \"%s\" failed", file.name.data);
+ }
+
+ if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
+ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno,
+ ngx_close_file_n " \"%s\" failed", file.name.data);
+ }
+
+ if (n == NGX_ERROR) {
+ return NGX_ERROR;
+ }
+
+ if (n == 0) {
+ return NGX_OK;
+ }
+
+ for (i = 0; i < n && total < MAXNS; /* void */) {
+ if (buf[i] == '#' || buf[i] == ';') {
+ state = sw_skip;
+ }
+
+ switch (state) {
+
+ case sw_nameserver:
+
+ if ((size_t) n - i >= sizeof("nameserver") - 1
+ && ngx_memcmp(buf + i, "nameserver",
+ sizeof("nameserver") - 1) == 0)
+ {
+ state = sw_spaces;
+ i += sizeof("nameserver") - 1;
+
+ continue;
+ }
+
+ break;
+
+ case sw_spaces:
+ if (buf[i] != '\t' && buf[i] != ' ') {
+ address = i;
+ state = sw_address;
+ }
+
+ break;
+
+ case sw_address:
+
+ if (buf[i] == CR || buf[i] == LF || i == n - 1) {
+ ngx_memzero(&u, sizeof(ngx_url_t));
+
+ u.url.data = buf + address;
+
+ if (i == n - 1 && buf[i] != CR && buf[i] != LF) {
+ u.url.len = n - address;
+
+ } else {
+ u.url.len = i - address;
+ }
+
+ u.default_port = 53;
+
+ /* IPv6? */
+ if (ngx_strlchr(u.url.data, u.url.data + u.url.len,
+ ':') != NULL)
+ {
+ if (u.url.len + 2 > sizeof(ipv6_buf)) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "IPv6 resolver address is too long:"
+ " \"%V\"", &u.url);
+
+ return NGX_ERROR;
+ }
+
+ ipv6_buf[0] = '[';
+ ngx_memcpy(ipv6_buf + 1, u.url.data, u.url.len);
+ ipv6_buf[u.url.len + 1] = ']';
+
+ u.url.data = ipv6_buf;
+ u.url.len = u.url.len + 2;
+ }
+
+ if (ngx_parse_url(cf->pool, &u) != NGX_OK) {
+ if (u.err) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "%s in resolver \"%V\"",
+ u.err, &u.url);
+ }
+
+ return NGX_ERROR;
+ }
+
+ rec = ngx_array_push_n(&r->connections, u.naddrs);
+ if (rec == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(rec, u.naddrs * sizeof(ngx_resolver_connection_t));
+
+ for (j = 0; j < u.naddrs; j++) {
+ rec[j].sockaddr = u.addrs[j].sockaddr;
+ rec[j].socklen = u.addrs[j].socklen;
+ rec[j].server = u.addrs[j].name;
+ rec[j].resolver = r;
+ }
+
+ total++;
+
+#if (NGX_DEBUG)
+ /*
+ * logs with level below NGX_LOG_NOTICE will not be printed
+ * in this early phase
+ */
+ ngx_conf_log_error(NGX_LOG_NOTICE, cf, 0,
+ "parsed a resolver: \"%V\"", &u.url);
+#endif
+
+ state = sw_nameserver;
+ }
+
+ break;
+
+ case sw_skip:
+ if (buf[i] == CR || buf[i] == LF) {
+ state = sw_nameserver;
+ }
+
+ break;
+ }
+
+ i++;
+ }
+
+ return NGX_OK;
+}
+#endif
+
+
ngx_resolver_t *
ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
{
@@ -246,6 +445,39 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
}
#endif
+#if !(NGX_WIN32)
+ if (ngx_strncmp(names[i].data, "local=", 6) == 0) {
+
+ if (ngx_strcmp(&names[i].data[6], "on") == 0) {
+ if (ngx_resolver_read_resolv_conf(cf, r,
+ (u_char *)
+ NGX_RESOLVER_FILE_NAME,
+ sizeof(NGX_RESOLVER_FILE_NAME)
+ - 1)
+ != NGX_OK)
+ {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "unable to parse local resolver");
+ return NULL;
+ }
+
+ } else if (ngx_strcmp(&names[i].data[6], "off") != 0) {
+ if (ngx_resolver_read_resolv_conf(cf, r,
+ &names[i].data[6],
+ names[i].len - 6)
+ != NGX_OK)
+ {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "unable to parse local resolver");
+ return NULL;
+ }
+
+ }
+
+ continue;
+ }
+#endif
+
ngx_memzero(&u, sizeof(ngx_url_t));
u.url = names[i];

38
patches/nginx-1.19.9-reuseport_close_unused_fds.patch Normal file
View File

@ -0,0 +1,38 @@
diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c
--- a/src/core/ngx_connection.c
+++ b/src/core/ngx_connection.c
@@ -1118,6 +1118,12 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle)
ls = cycle->listening.elts;
for (i = 0; i < cycle->listening.nelts; i++) {
+#if (NGX_HAVE_REUSEPORT)
+ if (ls[i].fd == (ngx_socket_t) -1) {
+ continue;
+ }
+#endif
+
c = ls[i].connection;
if (c) {
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -775,6 +775,18 @@ ngx_event_process_init(ngx_cycle_t *cycle)
#if (NGX_HAVE_REUSEPORT)
if (ls[i].reuseport && ls[i].worker != ngx_worker) {
+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, cycle->log, 0,
+ "closing unused fd:%d listening on %V",
+ ls[i].fd, &ls[i].addr_text);
+
+ if (ngx_close_socket(ls[i].fd) == -1) {
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_socket_errno,
+ ngx_close_socket_n " %V failed",
+ &ls[i].addr_text);
+ }
+
+ ls[i].fd = (ngx_socket_t) -1;
+
continue;
}
#endif

56
patches/nginx-1.19.9-safe_resolver_ipv6_option.patch Normal file
View File

@ -0,0 +1,56 @@
# HG changeset patch
# User Thibault Charbonnier <thibaultcha@fastmail.com>
# Date 1481847421 28800
# Thu Dec 15 16:17:01 2016 -0800
# Node ID 8bf038fe006fd8ae253d6b41fc6cf109a8912d3e
# Parent a3dc657f4e9530623683e6b85bd7492662e4dc47
Resolver: ignore ipv6=off resolver option when no ipv6 support
Makes the resolver directive more robust: we only error out when ipv6
resolution is desired but not supported (ipv6=on).
use case 1: some configurations are sometimes re-used between builds with and
without ipv6 support. This patch avoids the need to remove the "ipv6=off" flag.
use case 2: currently, some tools rely on the --with-ipv6 configure option from
"nginx -V" to determine if ipv6 resolution should be disabled in some cases.
With this option disappearing in Nginx 1.11.5, this patch would allow such tools
to assume "ipv6=off" to be safe regardless of ipv6 support in the current
build.
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index dade1846..5a3f0aa4 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -426,14 +426,22 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
continue;
}
-#if (NGX_HAVE_INET6)
if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) {
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
+#if (NGX_HAVE_INET6)
r->ipv6 = 1;
+#else
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "no ipv6 support but \"%V\" in resolver",
+ &names[i]);
+ return NULL;
+#endif
} else if (ngx_strcmp(&names[i].data[5], "off") == 0) {
+#if (NGX_HAVE_INET6)
r->ipv6 = 0;
+#endif
} else {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -443,7 +451,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
continue;
}
-#endif
#if !(NGX_WIN32)
if (ngx_strncmp(names[i].data, "local=", 6) == 0) {

39
patches/nginx-1.19.9-server_header.patch Normal file
View File

@ -0,0 +1,39 @@
diff --git a/src/core/nginx.h b/src/core/nginx.h
index a3c0ef8..1263881 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -11,7 +11,7 @@
#define nginx_version 1019009
#define NGINX_VERSION "1.19.9"
-#define NGINX_VER "nginx/" NGINX_VERSION
+#define NGINX_VER "openresty/" NGINX_VERSION ".unknown"
#ifdef NGX_BUILD
#define NGINX_VER_BUILD NGINX_VER " (" NGX_BUILD ")"
diff --git a/src/http/ngx_http_header_filter_module.c b/src/http/ngx_http_header_filter_module.c
index 9b89405..ca13f2a 100644
--- a/src/http/ngx_http_header_filter_module.c
+++ b/src/http/ngx_http_header_filter_module.c
@@ -46,7 +46,7 @@ ngx_module_t ngx_http_header_filter_module = {
};
-static u_char ngx_http_server_string[] = "Server: nginx" CRLF;
+static u_char ngx_http_server_string[] = "Server: openresty" CRLF;
static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
index 8621e7a..a76c677 100644
--- a/src/http/v2/ngx_http_v2_filter_module.c
+++ b/src/http/v2/ngx_http_v2_filter_module.c
@@ -143,7 +143,7 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
ngx_http_core_srv_conf_t *cscf;
u_char addr[NGX_SOCKADDR_STRLEN];
- static const u_char nginx[5] = "\x84\xaa\x63\x55\xe7";
+ static const u_char nginx[8] = "\x87\x3d\x65\xaa\xc2\xa1\x3e\xbf";
#if (NGX_HTTP_GZIP)
static const u_char accept_encoding[12] =
"\x8b\x84\x84\x2d\x69\x5b\x05\x44\x3c\x86\xaa\x6f";

44
patches/nginx-1.19.9-setting_args_invalidates_uri.patch Normal file
View File

@ -0,0 +1,44 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1390506359 28800
# Node ID 17186b98c235c07e94c64e5853689f790f173756
# Parent 4b50d1f299d8a69f3e3f7975132e1490352642fe
Variable: setting $args should invalidate unparsed uri.
diff -r 4b50d1f299d8 -r 17186b98c235 src/http/ngx_http_variables.c
--- a/src/http/ngx_http_variables.c Fri Jan 10 11:22:14 2014 -0800
+++ b/src/http/ngx_http_variables.c Thu Jan 23 11:45:59 2014 -0800
@@ -15,6 +15,8 @@
ngx_http_variable_value_t *v, uintptr_t data);
static void ngx_http_variable_request_set(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
+static void ngx_http_variable_request_args_set(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_variable_request_get_size(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static void ngx_http_variable_request_set_size(ngx_http_request_t *r,
@@ -218,7 +220,7 @@
NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("args"),
- ngx_http_variable_request_set,
+ ngx_http_variable_request_args_set,
ngx_http_variable_request,
offsetof(ngx_http_request_t, args),
NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
@@ -647,6 +649,15 @@
static void
+ngx_http_variable_request_args_set(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data)
+{
+ r->valid_unparsed_uri = 0;
+ ngx_http_variable_request_set(r, v, data);
+}
+
+
+static void
ngx_http_variable_request_set(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{

75
patches/nginx-1.19.9-single_process_graceful_exit.patch Normal file
View File

@ -0,0 +1,75 @@
diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c
index 15680237..12a8c687 100644
--- a/src/os/unix/ngx_process.c
+++ b/src/os/unix/ngx_process.c
@@ -362,8 +362,15 @@ ngx_signal_handler(int signo, siginfo_t *siginfo, void *ucontext)
break;
case ngx_signal_value(NGX_RECONFIGURE_SIGNAL):
- ngx_reconfigure = 1;
- action = ", reconfiguring";
+ if (ngx_process == NGX_PROCESS_SINGLE) {
+ ngx_terminate = 1;
+ action = ", exiting";
+
+ } else {
+ ngx_reconfigure = 1;
+ action = ", reconfiguring";
+ }
+
break;
case ngx_signal_value(NGX_REOPEN_SIGNAL):
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index 5817a2c2..f3d58e97 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -305,11 +305,26 @@ ngx_single_process_cycle(ngx_cycle_t *cycle)
}
for ( ;; ) {
+ if (ngx_exiting) {
+ if (ngx_event_no_timers_left() == NGX_OK) {
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
+
+ for (i = 0; cycle->modules[i]; i++) {
+ if (cycle->modules[i]->exit_process) {
+ cycle->modules[i]->exit_process(cycle);
+ }
+ }
+
+ ngx_master_process_exit(cycle);
+ }
+ }
+
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle");
ngx_process_events_and_timers(cycle);
- if (ngx_terminate || ngx_quit) {
+ if (ngx_terminate) {
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
for (i = 0; cycle->modules[i]; i++) {
if (cycle->modules[i]->exit_process) {
@@ -320,6 +335,20 @@ ngx_single_process_cycle(ngx_cycle_t *cycle)
ngx_master_process_exit(cycle);
}
+ if (ngx_quit) {
+ ngx_quit = 0;
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0,
+ "gracefully shutting down");
+ ngx_setproctitle("process is shutting down");
+
+ if (!ngx_exiting) {
+ ngx_exiting = 1;
+ ngx_set_shutdown_timer(cycle);
+ ngx_close_listening_sockets(cycle);
+ ngx_close_idle_connections(cycle);
+ }
+ }
+
if (ngx_reconfigure) {
ngx_reconfigure = 0;
ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reconfiguring");

185
patches/nginx-1.19.9-socket_cloexec.patch Normal file
View File

@ -0,0 +1,185 @@
diff --git a/auto/unix b/auto/unix
index 10835f6c..b5b33bb3 100644
--- a/auto/unix
+++ b/auto/unix
@@ -990,3 +990,27 @@ ngx_feature_test='struct addrinfo *res;
if (getaddrinfo("localhost", NULL, NULL, &res) != 0) return 1;
freeaddrinfo(res)'
. auto/feature
+
+ngx_feature="SOCK_CLOEXEC support"
+ngx_feature_name="NGX_HAVE_SOCKET_CLOEXEC"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/types.h>
+ #include <sys/socket.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="int fd;
+ fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);"
+. auto/feature
+
+ngx_feature="FD_CLOEXEC support"
+ngx_feature_name="NGX_HAVE_FD_CLOEXEC"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <fcntl.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="int fd;
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ fcntl(fd, F_SETFD, FD_CLOEXEC);"
+. auto/feature
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index cd55520c..438e0806 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -4466,8 +4466,14 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec)
ngx_event_t *rev, *wev;
ngx_connection_t *c;
+#if (NGX_HAVE_SOCKET_CLOEXEC)
+ s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0);
+
+#else
s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM, 0);
+#endif
+
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, &rec->log, 0, "TCP socket %d", s);
if (s == (ngx_socket_t) -1) {
@@ -4494,6 +4500,15 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec)
goto failed;
}
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, &rec->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+
+ goto failed;
+ }
+#endif
+
rev = c->read;
wev = c->write;
diff --git a/src/event/ngx_event.h b/src/event/ngx_event.h
index 19fec68..8c2f01a 100644
--- a/src/event/ngx_event.h
+++ b/src/event/ngx_event.h
@@ -73,6 +73,9 @@ struct ngx_event_s {
/* to test on worker exit */
unsigned channel:1;
unsigned resolver:1;
+#if (HAVE_SOCKET_CLOEXEC_PATCH)
+ unsigned skip_socket_leak_check:1;
+#endif
unsigned cancelable:1;
diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c
index 77563709..5827b9d0 100644
--- a/src/event/ngx_event_accept.c
+++ b/src/event/ngx_event_accept.c
@@ -62,7 +62,9 @@ ngx_event_accept(ngx_event_t *ev)
#if (NGX_HAVE_ACCEPT4)
if (use_accept4) {
- s = accept4(lc->fd, &sa.sockaddr, &socklen, SOCK_NONBLOCK);
+ s = accept4(lc->fd, &sa.sockaddr, &socklen,
+ SOCK_NONBLOCK | SOCK_CLOEXEC);
+
} else {
s = accept(lc->fd, &sa.sockaddr, &socklen);
}
@@ -202,6 +204,16 @@ ngx_event_accept(ngx_event_t *ev)
ngx_close_accepted_connection(c);
return;
}
+
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+ ngx_close_accepted_connection(c);
+ return;
+ }
+#endif
+
}
}
diff --git a/src/event/ngx_event_connect.c b/src/event/ngx_event_connect.c
index c5bb8068..cf33b1d2 100644
--- a/src/event/ngx_event_connect.c
+++ b/src/event/ngx_event_connect.c
@@ -38,8 +38,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
type = (pc->type ? pc->type : SOCK_STREAM);
+#if (NGX_HAVE_SOCKET_CLOEXEC)
+ s = ngx_socket(pc->sockaddr->sa_family, type | SOCK_CLOEXEC, 0);
+
+#else
s = ngx_socket(pc->sockaddr->sa_family, type, 0);
+#endif
+
+
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pc->log, 0, "%s socket %d",
(type == SOCK_STREAM) ? "stream" : "dgram", s);
@@ -80,6 +87,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
goto failed;
}
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+
+ goto failed;
+ }
+#endif
+
if (pc->local) {
#if (NGX_HAVE_TRANSPARENT_PROXY)
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index c4376a5..48e8fa8 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -960,6 +1029,9 @@ ngx_worker_process_exit(ngx_cycle_t *cycle)
for (i = 0; i < cycle->connection_n; i++) {
if (c[i].fd != -1
&& c[i].read
+#if (HAVE_SOCKET_CLOEXEC_PATCH)
+ && !c[i].read->skip_socket_leak_check
+#endif
&& !c[i].read->accept
&& !c[i].read->channel
&& !c[i].read->resolver)
diff --git a/src/os/unix/ngx_socket.h b/src/os/unix/ngx_socket.h
index fcc51533..d1eebf47 100644
--- a/src/os/unix/ngx_socket.h
+++ b/src/os/unix/ngx_socket.h
@@ -38,6 +38,17 @@ int ngx_blocking(ngx_socket_t s);
#endif
+#if (NGX_HAVE_FD_CLOEXEC)
+
+#define ngx_cloexec(s) fcntl(s, F_SETFD, FD_CLOEXEC)
+#define ngx_cloexec_n "fcntl(FD_CLOEXEC)"
+
+/* at least FD_CLOEXEC is required to ensure connection fd is closed
+ * after execve */
+#define HAVE_SOCKET_CLOEXEC_PATCH 1
+
+#endif
+
int ngx_tcp_nopush(ngx_socket_t s);
int ngx_tcp_push(ngx_socket_t s);

64
patches/nginx-1.19.9-ssl_cert_cb_yield.patch Normal file
View File

@ -0,0 +1,64 @@
# HG changeset patch
# User Yichun Zhang <agentzh@openresty.org>
# Date 1451762084 28800
# Sat Jan 02 11:14:44 2016 -0800
# Node ID 449f0461859c16e95bdb18e8be6b94401545d3dd
# Parent 78b4e10b4367b31367aad3c83c9c3acdd42397c4
SSL: handled SSL_CTX_set_cert_cb() callback yielding.
OpenSSL 1.0.2+ introduces SSL_CTX_set_cert_cb() to allow custom
callbacks to serve the SSL certificiates and private keys dynamically
and lazily. The callbacks may yield for nonblocking I/O or sleeping.
Here we added support for such usage in NGINX 3rd-party modules
(like ngx_lua) in NGINX's event handlers for downstream SSL
connections.
diff -r 78b4e10b4367 -r 449f0461859c src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Dec 17 16:39:15 2015 +0300
+++ b/src/event/ngx_event_openssl.c Sat Jan 02 11:14:44 2016 -0800
@@ -1445,6 +1445,23 @@ ngx_ssl_handshake(ngx_connection_t *c)
return NGX_AGAIN;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) {
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+#endif
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1;
@@ -1558,6 +1575,21 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
return NGX_AGAIN;
}
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) {
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1;

38
patches/nginx-1.19.9-ssl_client_hello_cb_yield.patch Normal file
View File

@ -0,0 +1,38 @@
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 8ba30e58..2b2db95c 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1712,6 +1712,9 @@ ngx_ssl_handshake(ngx_connection_t *c)
if (sslerr == SSL_ERROR_WANT_X509_LOOKUP
# ifdef SSL_ERROR_PENDING_SESSION
|| sslerr == SSL_ERROR_PENDING_SESSION
+# endif
+# ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB
+ || sslerr == SSL_ERROR_WANT_CLIENT_HELLO_CB
# endif
)
{
@@ -1889,6 +1892,23 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
}
#endif
+#ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB
+ if (sslerr == SSL_ERROR_WANT_CLIENT_HELLO_CB) {
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+#endif
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1;

41
patches/nginx-1.19.9-ssl_sess_cb_yield.patch Normal file
View File

@ -0,0 +1,41 @@
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1446,7 +1446,12 @@ ngx_ssl_handshake(ngx_connection_t *c)
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
- if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) {
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP
+# ifdef SSL_ERROR_PENDING_SESSION
+ || sslerr == SSL_ERROR_PENDING_SESSION
+# endif
+ )
+ {
c->read->handler = ngx_ssl_handshake_handler;
c->write->handler = ngx_ssl_handshake_handler;
@@ -1575,6 +1580,23 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
return NGX_AGAIN;
}
+#ifdef SSL_ERROR_PENDING_SESSION
+ if (sslerr == SSL_ERROR_PENDING_SESSION) {
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+#endif
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1;

50
patches/nginx-1.19.9-static_mod_escape_loc_hdr.patch Normal file
View File

@ -0,0 +1,50 @@
diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c
index 282d6ee..899e11e 100644
--- a/src/http/modules/ngx_http_static_module.c
+++ b/src/http/modules/ngx_http_static_module.c
@@ -58,6 +58,8 @@ ngx_http_static_handler(ngx_http_request_t *r)
ngx_chain_t out;
ngx_open_file_info_t of;
ngx_http_core_loc_conf_t *clcf;
+ u_char *uri;
+ uintptr_t escape;
if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD|NGX_HTTP_POST))) {
return NGX_HTTP_NOT_ALLOWED;
@@ -162,9 +164,21 @@ ngx_http_static_handler(ngx_http_request_t *r)
*last = '/';
+ escape = 2 * ngx_escape_uri(NULL, location, len, NGX_ESCAPE_URI);
+ if (escape > 0) {
+ uri = ngx_pnalloc(r->pool, len + escape);
+ if (uri == NULL) {
+ return NGX_ERROR;
+ }
+ ngx_escape_uri(uri, location, len, NGX_ESCAPE_URI);
+ location = uri;
+ len += escape;
+ }
+
} else {
+ escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, NGX_ESCAPE_URI);
if (r->args.len) {
- len += r->args.len + 1;
+ len += r->args.len + 1 + escape;
}
location = ngx_pnalloc(r->pool, len);
@@ -173,7 +187,12 @@ ngx_http_static_handler(ngx_http_request_t *r)
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- last = ngx_copy(location, r->uri.data, r->uri.len);
+ if (escape > 0) {
+ last = (u_char *) ngx_escape_uri(location, r->uri.data, r->uri.len, NGX_ESCAPE_URI);
+
+ } else {
+ last = ngx_copy(location, r->uri.data, r->uri.len);
+ }
*last = '/';

53
patches/nginx-1.19.9-stream_balancer_export.patch Normal file
View File

@ -0,0 +1,53 @@
diff --git a/src/stream/ngx_stream_upstream_round_robin.c b/src/stream/ngx_stream_upstream_round_robin.c
index 526de3a..b531ce1 100644
--- a/src/stream/ngx_stream_upstream_round_robin.c
+++ b/src/stream/ngx_stream_upstream_round_robin.c
@@ -21,10 +21,6 @@ static void ngx_stream_upstream_notify_round_robin_peer(
#if (NGX_STREAM_SSL)
-static ngx_int_t ngx_stream_upstream_set_round_robin_peer_session(
- ngx_peer_connection_t *pc, void *data);
-static void ngx_stream_upstream_save_round_robin_peer_session(
- ngx_peer_connection_t *pc, void *data);
static ngx_int_t ngx_stream_upstream_empty_set_session(
ngx_peer_connection_t *pc, void *data);
static void ngx_stream_upstream_empty_save_session(ngx_peer_connection_t *pc,
@@ -690,7 +686,7 @@ ngx_stream_upstream_notify_round_robin_peer(ngx_peer_connection_t *pc,
#if (NGX_STREAM_SSL)
-static ngx_int_t
+ngx_int_t
ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
void *data)
{
@@ -756,7 +752,7 @@ ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
}
-static void
+void
ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
void *data)
{
diff --git a/src/stream/ngx_stream_upstream_round_robin.h b/src/stream/ngx_stream_upstream_round_robin.h
index 35d9fce..75f3e31 100644
--- a/src/stream/ngx_stream_upstream_round_robin.h
+++ b/src/stream/ngx_stream_upstream_round_robin.h
@@ -142,5 +142,15 @@ ngx_int_t ngx_stream_upstream_get_round_robin_peer(ngx_peer_connection_t *pc,
void ngx_stream_upstream_free_round_robin_peer(ngx_peer_connection_t *pc,
void *data, ngx_uint_t state);
+#if (NGX_STREAM_SSL)
+ngx_int_t ngx_stream_upstream_set_round_robin_peer_session(
+ ngx_peer_connection_t *pc, void *data);
+void ngx_stream_upstream_save_round_robin_peer_session(
+ ngx_peer_connection_t *pc, void *data);
+#endif
+
+
+#define HAVE_NGX_STREAM_BALANCER_EXPORT_PATCH 1
+
#endif /* _NGX_STREAM_UPSTREAM_ROUND_ROBIN_H_INCLUDED_ */

31
patches/nginx-1.19.9-stream_proxy_get_next_upstream_tries.patch Normal file
View File

@ -0,0 +1,31 @@
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 09d2459..de92724 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -303,4 +303,7 @@ typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s,
extern ngx_stream_filter_pt ngx_stream_top_filter;
+#define HAS_NGX_STREAM_PROXY_GET_NEXT_UPSTREAM_TRIES_PATCH 1
+
+
#endif /* _NGX_STREAM_H_INCLUDED_ */
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 0afde1c..3254ce1 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -2156,3 +2156,14 @@ ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_OK;
}
+
+
+ngx_uint_t
+ngx_stream_proxy_get_next_upstream_tries(ngx_stream_session_t *s)
+{
+ ngx_stream_proxy_srv_conf_t *pscf;
+
+ pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
+
+ return pscf->next_upstream_tries;
+}

182
patches/nginx-1.19.9-stream_proxy_timeout_fields.patch Normal file
View File

@ -0,0 +1,182 @@
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 57e73e04..9a95ef99 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -242,6 +242,15 @@ typedef struct {
} ngx_stream_module_t;
+typedef struct {
+ ngx_msec_t connect_timeout;
+ ngx_msec_t timeout;
+} ngx_stream_proxy_ctx_t;
+
+
+#define NGX_STREAM_HAVE_PROXY_TIMEOUT_FIELDS_PATCH 1
+
+
#define NGX_STREAM_MODULE 0x4d525453 /* "STRM" */
#define NGX_STREAM_MAIN_CONF 0x02000000
@@ -295,6 +304,7 @@ void ngx_stream_finalize_session(ngx_stream_session_t *s, ngx_uint_t rc);
extern ngx_module_t ngx_stream_module;
extern ngx_uint_t ngx_stream_max_module;
extern ngx_module_t ngx_stream_core_module;
+extern ngx_module_t ngx_stream_proxy_module;
typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s,
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 7484a728..7b50b427 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -378,6 +378,7 @@ ngx_stream_proxy_handler(ngx_stream_session_t *s)
ngx_stream_proxy_srv_conf_t *pscf;
ngx_stream_upstream_srv_conf_t *uscf, **uscfp;
ngx_stream_upstream_main_conf_t *umcf;
+ ngx_stream_proxy_ctx_t *pctx;
c = s->connection;
@@ -386,6 +387,17 @@ ngx_stream_proxy_handler(ngx_stream_session_t *s)
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
"proxy connection handler");
+ pctx = ngx_palloc(c->pool, sizeof(ngx_stream_proxy_ctx_t));
+ if (pctx == NULL) {
+ ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
+ return;
+ }
+
+ pctx->connect_timeout = pscf->connect_timeout;
+ pctx->timeout = pscf->timeout;
+
+ ngx_stream_set_ctx(s, pctx, ngx_stream_proxy_module);
+
u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t));
if (u == NULL) {
ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
@@ -677,6 +689,7 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
ngx_connection_t *c, *pc;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
c = s->connection;
@@ -684,6 +697,8 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
+
u = s->upstream;
u->connected = 0;
@@ -747,7 +762,7 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
pc->read->handler = ngx_stream_proxy_connect_handler;
pc->write->handler = ngx_stream_proxy_connect_handler;
- ngx_add_timer(pc->write, pscf->connect_timeout);
+ ngx_add_timer(pc->write, ctx->connect_timeout);
}
@@ -920,8 +935,10 @@ ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s)
ssize_t n, size;
ngx_connection_t *c, *pc;
ngx_stream_upstream_t *u;
- ngx_stream_proxy_srv_conf_t *pscf;
u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER];
+ ngx_stream_proxy_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
c = s->connection;
@@ -948,9 +965,7 @@ ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s)
return NGX_ERROR;
}
- pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
-
- ngx_add_timer(pc->write, pscf->timeout);
+ ngx_add_timer(pc->write, ctx->timeout);
pc->write->handler = ngx_stream_proxy_connect_handler;
@@ -1014,6 +1029,9 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
ngx_connection_t *pc;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
u = s->upstream;
@@ -1051,7 +1069,7 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
if (rc == NGX_AGAIN) {
if (!pc->write->timer_set) {
- ngx_add_timer(pc->write, pscf->connect_timeout);
+ ngx_add_timer(pc->write, ctx->connect_timeout);
}
pc->ssl->handler = ngx_stream_proxy_ssl_handshake;
@@ -1316,6 +1334,7 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
ngx_stream_session_t *s;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
c = ev->data;
s = c->data;
@@ -1327,6 +1346,8 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
return;
}
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
+
c = s->connection;
pc = u->peer.connection;
@@ -1346,7 +1367,7 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
}
if (u->connected && !c->read->delayed && !pc->read->delayed) {
- ngx_add_timer(c->write, pscf->timeout);
+ ngx_add_timer(c->write, ctx->timeout);
}
return;
@@ -1507,7 +1528,9 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
ngx_connection_t *c, *pc, *src, *dst;
ngx_log_handler_pt handler;
ngx_stream_upstream_t *u;
- ngx_stream_proxy_srv_conf_t *pscf;
+ ngx_stream_proxy_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module);
u = s->upstream;
@@ -1529,8 +1552,6 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
return;
}
- pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
-
if (from_upstream) {
src = pc;
dst = c;
@@ -1682,7 +1703,7 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
}
if (!c->read->delayed && !pc->read->delayed) {
- ngx_add_timer(c->write, pscf->timeout);
+ ngx_add_timer(c->write, ctx->timeout);
} else if (c->write->timer_set) {
ngx_del_timer(c->write);

13
patches/nginx-1.19.9-stream_ssl_preread_no_skip.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
index e3d11fd9..3717b5fe 100644
--- a/src/stream/ngx_stream_ssl_preread_module.c
+++ b/src/stream/ngx_stream_ssl_preread_module.c
@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len);
if (rc != NGX_AGAIN) {
- return rc;
+ return rc == NGX_OK ? NGX_DECLINED : rc;
}
p += len;

23
patches/nginx-1.19.9-upstream_pipelining.patch Normal file
View File

@ -0,0 +1,23 @@
commit f9907b72a76a21ac5413187b83177a919475c75f
Author: Yichun Zhang (agentzh) <agentzh@gmail.com>
Date: Wed Feb 10 16:05:08 2016 -0800
bugfix: upstream: keep sending request data after the first write attempt.
See
http://mailman.nginx.org/pipermail/nginx-devel/2012-March/002040.html
for more details on the issue.
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 69019417..92b7c97f 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -2239,7 +2239,7 @@ ngx_http_upstream_send_request_handler(ngx_http_request_t *r,
#endif
- if (u->header_sent && !u->conf->preserve_output) {
+ if (u->request_body_sent && !u->conf->preserve_output) {
u->write_event_handler = ngx_http_upstream_dummy_handler;
(void) ngx_handle_write_event(c->write, 0);

112
patches/nginx-1.19.9-upstream_timeout_fields.patch Normal file
View File

@ -0,0 +1,112 @@
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 69019417..2265d8f7 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -509,12 +509,19 @@ void
ngx_http_upstream_init(ngx_http_request_t *r)
{
ngx_connection_t *c;
+ ngx_http_upstream_t *u;
c = r->connection;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
"http init upstream, client timer: %d", c->read->timer_set);
+ u = r->upstream;
+
+ u->connect_timeout = u->conf->connect_timeout;
+ u->send_timeout = u->conf->send_timeout;
+ u->read_timeout = u->conf->read_timeout;
+
#if (NGX_HTTP_V2)
if (r->stream) {
ngx_http_upstream_init_request(r);
@@ -1626,7 +1633,7 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
u->request_body_blocked = 0;
if (rc == NGX_AGAIN) {
- ngx_add_timer(c->write, u->conf->connect_timeout);
+ ngx_add_timer(c->write, u->connect_timeout);
return;
}
@@ -1704,7 +1711,7 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
if (rc == NGX_AGAIN) {
if (!c->write->timer_set) {
- ngx_add_timer(c->write, u->conf->connect_timeout);
+ ngx_add_timer(c->write, u->connect_timeout);
}
c->ssl->handler = ngx_http_upstream_ssl_handshake_handler;
@@ -2022,7 +2029,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u,
if (rc == NGX_AGAIN) {
if (!c->write->ready || u->request_body_blocked) {
- ngx_add_timer(c->write, u->conf->send_timeout);
+ ngx_add_timer(c->write, u->send_timeout);
} else if (c->write->timer_set) {
ngx_del_timer(c->write);
@@ -2084,7 +2091,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u,
return;
}
- ngx_add_timer(c->read, u->conf->read_timeout);
+ ngx_add_timer(c->read, u->read_timeout);
if (c->read->ready) {
ngx_http_upstream_process_header(r, u);
@@ -3213,7 +3220,7 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u)
p->cyclic_temp_file = 0;
}
- p->read_timeout = u->conf->read_timeout;
+ p->read_timeout = u->read_timeout;
p->send_timeout = clcf->send_timeout;
p->send_lowat = clcf->send_lowat;
@@ -3458,7 +3465,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r,
}
if (upstream->write->active && !upstream->write->ready) {
- ngx_add_timer(upstream->write, u->conf->send_timeout);
+ ngx_add_timer(upstream->write, u->send_timeout);
} else if (upstream->write->timer_set) {
ngx_del_timer(upstream->write);
@@ -3470,7 +3477,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r,
}
if (upstream->read->active && !upstream->read->ready) {
- ngx_add_timer(upstream->read, u->conf->read_timeout);
+ ngx_add_timer(upstream->read, u->read_timeout);
} else if (upstream->read->timer_set) {
ngx_del_timer(upstream->read);
@@ -3664,7 +3671,7 @@ ngx_http_upstream_process_non_buffered_request(ngx_http_request_t *r,
}
if (upstream->read->active && !upstream->read->ready) {
- ngx_add_timer(upstream->read, u->conf->read_timeout);
+ ngx_add_timer(upstream->read, u->read_timeout);
} else if (upstream->read->timer_set) {
ngx_del_timer(upstream->read);
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index c2f4dc0b..b9eef118 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -333,6 +333,11 @@ struct ngx_http_upstream_s {
ngx_array_t *caches;
#endif
+#define HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS 1
+ ngx_msec_t connect_timeout;
+ ngx_msec_t send_timeout;
+ ngx_msec_t read_timeout;
+
ngx_http_upstream_headers_in_t headers_in;
ngx_http_upstream_resolved_t *resolved;

15
patches/nginx-1.19.9-win32_max_err_str.patch Normal file
View File

@ -0,0 +1,15 @@
diff --git a/src/os/win32/ngx_event_log.c b/src/os/win32/ngx_event_log.c
index e11ed1e8..dce8eddd 100644
--- a/src/os/win32/ngx_event_log.c
+++ b/src/os/win32/ngx_event_log.c
@@ -8,7 +8,9 @@
#include <ngx_core.h>
-#define NGX_MAX_ERROR_STR 2048
+#ifndef NGX_MAX_ERROR_STR
+#define NGX_MAX_ERROR_STR 4096
+#endif
void ngx_cdecl

11
patches/nginx-1.21.3-always_enable_cc_feature_tests.patch Normal file
View File

@ -0,0 +1,11 @@
--- nginx-1.21.3/auto/cc/conf 2015-10-30 22:47:50.000000000 +0800
+++ nginx-1.21.3-patched/auto/cc/conf 2015-11-02 12:23:05.385156987 +0800
@@ -136,7 +136,7 @@ fi
CFLAGS="$CFLAGS $NGX_CC_OPT"
NGX_TEST_LD_OPT="$NGX_LD_OPT"
-if [ "$NGX_PLATFORM" != win32 ]; then
+if [ 1 ]; then
if test -n "$NGX_LD_OPT"; then
ngx_feature=--with-ld-opt=\"$NGX_LD_OPT\"

72
patches/nginx-1.21.3-balancer_status_code.patch Normal file
View File

@ -0,0 +1,72 @@
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index f8d5707d..6efe0047 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -1515,6 +1515,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
return;
}
+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
+ ngx_http_upstream_finalize_request(r, u, rc);
+ return;
+ }
+
u->state->peer = u->peer.name;
if (rc == NGX_BUSY) {
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index 3e714e5b..dfbb25e0 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -427,4 +427,9 @@ extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[];
extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[];
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
index 09d24593..d8b4b584 100644
--- a/src/stream/ngx_stream.h
+++ b/src/stream/ngx_stream.h
@@ -27,6 +27,7 @@ typedef struct ngx_stream_session_s ngx_stream_session_t;
#define NGX_STREAM_OK 200
+#define NGX_STREAM_SPECIAL_RESPONSE 300
#define NGX_STREAM_BAD_REQUEST 400
#define NGX_STREAM_FORBIDDEN 403
#define NGX_STREAM_INTERNAL_SERVER_ERROR 500
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 818d7329..329dcdc6 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -691,6 +691,11 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s)
return;
}
+ if (rc >= NGX_STREAM_SPECIAL_RESPONSE) {
+ ngx_stream_proxy_finalize(s, rc);
+ return;
+ }
+
u->state->peer = u->peer.name;
if (rc == NGX_BUSY) {
diff --git a/src/stream/ngx_stream_upstream.h b/src/stream/ngx_stream_upstream.h
index 73947f46..21bc0ad7 100644
--- a/src/stream/ngx_stream_upstream.h
+++ b/src/stream/ngx_stream_upstream.h
@@ -151,4 +151,9 @@ ngx_stream_upstream_srv_conf_t *ngx_stream_upstream_add(ngx_conf_t *cf,
extern ngx_module_t ngx_stream_upstream_module;
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH
+#define HAVE_BALANCER_STATUS_CODE_PATCH
+#endif
+
+
#endif /* _NGX_STREAM_UPSTREAM_H_INCLUDED_ */

13
patches/nginx-1.21.3-builtin_error_page_footer.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 64e5acd..f5374f6 100644
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -26,7 +26,7 @@ static u_char ngx_http_error_full_tail[] =
static u_char ngx_http_error_tail[] =
-"<hr><center>nginx</center>" CRLF
+"<hr><center>openresty</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;

19
patches/nginx-1.21.3-cache_manager_exit.patch Normal file
View File

@ -0,0 +1,19 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1383598130 28800
# Node ID f64218e1ac963337d84092536f588b8e0d99bbaa
# Parent dea321e5c0216efccbb23e84bbce7cf3e28f130c
Cache: gracefully exit the cache manager process.
diff -r dea321e5c021 -r f64218e1ac96 src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c Thu Oct 31 18:23:49 2013 +0400
+++ b/src/os/unix/ngx_process_cycle.c Mon Nov 04 12:48:50 2013 -0800
@@ -1134,7 +1134,7 @@
if (ngx_terminate || ngx_quit) {
ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting");
- exit(0);
+ ngx_worker_process_exit(cycle);
}
if (ngx_reopen) {

12
patches/nginx-1.21.3-daemon_destroy_pool.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c
index ab672110..f259af31 100644
--- a/src/os/unix/ngx_daemon.c
+++ b/src/os/unix/ngx_daemon.c
@@ -23,6 +23,8 @@ ngx_daemon(ngx_log_t *log)
break;
default:
+ /* just to make it ASAN or Valgrind clean */
+ ngx_destroy_pool(ngx_cycle->pool);
exit(0);
}

98
patches/nginx-1.21.3-delayed_posted_events.patch Normal file
View File

@ -0,0 +1,98 @@
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
index 57af8132..4853945f 100644
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -196,6 +196,9 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
ngx_uint_t flags;
ngx_msec_t timer, delta;
+ ngx_queue_t *q;
+ ngx_event_t *ev;
+
if (ngx_timer_resolution) {
timer = NGX_TIMER_INFINITE;
flags = 0;
@@ -215,6 +218,13 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
#endif
}
+ if (!ngx_queue_empty(&ngx_posted_delayed_events)) {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "posted delayed event queue not empty"
+ " making poll timeout 0");
+ timer = 0;
+ }
+
if (ngx_use_accept_mutex) {
if (ngx_accept_disabled > 0) {
ngx_accept_disabled--;
@@ -257,6 +267,35 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
}
ngx_event_process_posted(cycle, &ngx_posted_events);
+
+ while (!ngx_queue_empty(&ngx_posted_delayed_events)) {
+ q = ngx_queue_head(&ngx_posted_delayed_events);
+
+ ev = ngx_queue_data(q, ngx_event_t, queue);
+ if (ev->delayed) {
+ /* start of newly inserted nodes */
+ for (/* void */;
+ q != ngx_queue_sentinel(&ngx_posted_delayed_events);
+ q = ngx_queue_next(q))
+ {
+ ev = ngx_queue_data(q, ngx_event_t, queue);
+ ev->delayed = 0;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "skipping delayed posted event %p,"
+ " till next iteration", ev);
+ }
+
+ break;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "delayed posted event %p", ev);
+
+ ngx_delete_posted_event(ev);
+
+ ev->handler(ev);
+ }
}
@@ -600,6 +639,7 @@ ngx_event_process_init(ngx_cycle_t *cycle)
ngx_queue_init(&ngx_posted_accept_events);
ngx_queue_init(&ngx_posted_events);
+ ngx_queue_init(&ngx_posted_delayed_events);
if (ngx_event_timer_init(cycle->log) == NGX_ERROR) {
return NGX_ERROR;
diff --git a/src/event/ngx_event_posted.c b/src/event/ngx_event_posted.c
index d851f3d1..b6cea009 100644
--- a/src/event/ngx_event_posted.c
+++ b/src/event/ngx_event_posted.c
@@ -12,6 +12,7 @@
ngx_queue_t ngx_posted_accept_events;
ngx_queue_t ngx_posted_events;
+ngx_queue_t ngx_posted_delayed_events;
void
diff --git a/src/event/ngx_event_posted.h b/src/event/ngx_event_posted.h
index 145d30fe..6c388553 100644
--- a/src/event/ngx_event_posted.h
+++ b/src/event/ngx_event_posted.h
@@ -43,6 +43,9 @@ void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted);
extern ngx_queue_t ngx_posted_accept_events;
extern ngx_queue_t ngx_posted_events;
+extern ngx_queue_t ngx_posted_delayed_events;
+
+#define HAVE_POSTED_DELAYED_EVENTS_PATCH
#endif /* _NGX_EVENT_POSTED_H_INCLUDED_ */

20
patches/nginx-1.21.3-hash_overflow.patch Normal file
View File

@ -0,0 +1,20 @@
# HG changeset patch
# User Yichun Zhang <agentzh@gmail.com>
# Date 1412276417 25200
# Thu Oct 02 12:00:17 2014 -0700
# Node ID 4032b992f23b054c1a2cfb0be879330d2c6708e5
# Parent 1ff0f68d9376e3d184d65814a6372856bf65cfcd
Hash: buffer overflow might happen when exceeding the pre-configured limits.
diff -r 1ff0f68d9376 -r 4032b992f23b src/core/ngx_hash.c
--- a/src/core/ngx_hash.c Tue Sep 30 15:50:28 2014 -0700
+++ b/src/core/ngx_hash.c Thu Oct 02 12:00:17 2014 -0700
@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t *hinit, ng
continue;
}
+ size--;
+
ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
"could not build optimal %s, you should increase "
"either %s_max_size: %i or %s_bucket_size: %i; "

59
patches/nginx-1.21.3-init_cycle_pool_release.patch Normal file
View File

@ -0,0 +1,59 @@
diff -rup nginx-1.21.3/src/core/nginx.c nginx-1.21.3-patched/src/core/nginx.c
--- nginx-1.21.3/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800
+++ nginx-1.21.3-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800
@@ -186,6 +186,7 @@ static u_char *ngx_prefix;
static u_char *ngx_conf_file;
static u_char *ngx_conf_params;
static char *ngx_signal;
+ngx_pool_t *saved_init_cycle_pool = NULL;
static char **ngx_os_environ;
@@ -253,6 +254,8 @@ main(int argc, char *const *argv)
return 1;
}
+ saved_init_cycle_pool = init_cycle.pool;
+
if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) {
return 1;
}
diff -rup nginx-1.21.3/src/core/ngx_core.h nginx-1.21.3-patched/src/core/ngx_core.h
--- nginx-1.21.3/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700
+++ nginx-1.21.3-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800
@@ -108,4 +108,6 @@ void ngx_cpuinfo(void);
#define NGX_DISABLE_SYMLINKS_NOTOWNER 2
#endif
+extern ngx_pool_t *saved_init_cycle_pool;
+
#endif /* _NGX_CORE_H_INCLUDED_ */
diff -rup nginx-1.21.3/src/core/ngx_cycle.c nginx-1.21.3-patched/src/core/ngx_cycle.c
--- nginx-1.21.3/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700
+++ nginx-1.21.3-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800
@@ -748,6 +748,10 @@ old_shm_zone_done:
if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) {
+ if (ngx_is_init_cycle(old_cycle)) {
+ saved_init_cycle_pool = NULL;
+ }
+
ngx_destroy_pool(old_cycle->pool);
cycle->old_cycle = NULL;
diff -rup nginx-1.21.3/src/os/unix/ngx_process_cycle.c nginx-1.21.3-patched/src/os/unix/ngx_process_cycle.c
--- nginx-1.21.3/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800
+++ nginx-1.21.3-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800
@@ -687,6 +692,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc
ngx_exit_cycle.files_n = ngx_cycle->files_n;
ngx_cycle = &ngx_exit_cycle;
+ if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) {
+ ngx_destroy_pool(saved_init_cycle_pool);
+ saved_init_cycle_pool = NULL;
+ }
+
ngx_destroy_pool(cycle->pool);
exit(0);

Some files were not shown because too many files have changed in this diff Show More