# HG changeset patch # User Igor Sysoev # Date 1255464000 -14400 # Node ID 0dc162a5f3e89e9d967f4aa30b2add942d895083 # Parent 4584144e5de210aa86dce97fd432a3feb04f252e nginx 0.8.20 *) Change: now default SSL ciphers are "HIGH:!ADH:!MD5". *) Bugfix: the ngx_http_autoindex_module did not show the trailing slash in links to a directory; the bug had appeared in 0.7.15. *) Bugfix: nginx did not close a log file set by the --error-log-path configuration option; the bug had appeared in 0.7.53. *) Bugfix: nginx did not treat a comma as separator in the "Cache-Control" backend response header line. *) Bugfix: nginx/Windows might not create temporary file, a cache file, or "proxy/fastcgi_store"d file if a worker has no enough access rights for top level directories. *) Bugfix: the "Set-Cookie" and "P3P" FastCGI response header lines were not hidden while caching if no "fastcgi_hide_header" directives were used with any parameters. *) Bugfix: nginx counted incorrectly disk cache size. diff --git a/CHANGES b/CHANGES --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,28 @@ +Changes with nginx 0.8.20 14 Oct 2009 + + *) Change: now default SSL ciphers are "HIGH:!ADH:!MD5". + + *) Bugfix: the ngx_http_autoindex_module did not show the trailing + slash in links to a directory; the bug had appeared in 0.7.15. + + *) Bugfix: nginx did not close a log file set by the --error-log-path + configuration option; the bug had appeared in 0.7.53. + + *) Bugfix: nginx did not treat a comma as separator in the + "Cache-Control" backend response header line. + + *) Bugfix: nginx/Windows might not create temporary file, a cache file, + or "proxy/fastcgi_store"d file if a worker has no enough access + rights for top level directories. + + *) Bugfix: the "Set-Cookie" and "P3P" FastCGI response header lines + were not hidden while caching if no "fastcgi_hide_header" directives + were used with any parameters. + + *) Bugfix: nginx counted incorrectly disk cache size. + + Changes with nginx 0.8.19 06 Oct 2009 *) Change: now SSLv2 protocol is disabled by default. diff --git a/CHANGES.ru b/CHANGES.ru --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,30 @@ +Изменения в nginx 0.8.20 14.10.2009 + + *) Изменение: теперь по умолчанию используются следующие шифры SSL: + "HIGH:!ADH:!MD5". + + *) Исправление: модуль ngx_http_autoindex_module не показывал последний + слэш для линков на каталоги; ошибка появилась в 0.7.15. + + *) Исправление: nginx не закрывал лог, заданный параметром конфигурации + --error-log-path; ошибка появилась в 0.7.53. + + *) Исправление: nginx не считал запятую разделителем в строке + "Cache-Control" в строке заголовка бэкенда. + + *) Исправление: nginx/Windows мог не создать временный файл, файл в + кэше или файл с помощью директив proxy/fastcgi_store, если рабочий + процесс не имел достаточно прав для работы с каталогами верхнего + уровня. + + *) Исправление: строки "Set-Cookie" и "P3P" в заголовке ответа + FastCGI-сервера не скрывались при кэшировании, если не + использовались директивы fastcgi_hide_header с любыми параметрами. + + *) Исправление: nginx неверно считал размер кэша на диске. + + Изменения в nginx 0.8.19 06.10.2009 *) Изменение: теперь протокол SSLv2 по умолчанию запрещён. diff --git a/src/core/nginx.c b/src/core/nginx.c --- a/src/core/nginx.c +++ b/src/core/nginx.c @@ -376,6 +376,13 @@ main(int argc, char *const *argv) } } + if (log->file->fd != ngx_stderr) { + if (ngx_close_file(log->file->fd) == NGX_FILE_ERROR) { + ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, + ngx_close_file_n " built-in log failed"); + } + } + ngx_use_stderr = 0; if (ngx_process == NGX_PROCESS_SINGLE) { diff --git a/src/core/nginx.h b/src/core/nginx.h --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -8,8 +8,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 8019 -#define NGINX_VERSION "0.8.19" +#define nginx_version 8020 +#define NGINX_VERSION "0.8.20" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/core/ngx_file.c b/src/core/ngx_file.c --- a/src/core/ngx_file.c +++ b/src/core/ngx_file.c @@ -183,7 +183,15 @@ ngx_create_full_path(u_char *dir, ngx_ui u_char *p, ch; ngx_err_t err; - for (p = dir + 1; *p; p++) { + err = 0; + +#if (NGX_WIN32) + p = dir + 3; +#else + p = dir + 1; +#endif + + for ( /* void */ ; *p; p++) { ch = *p; if (ch != '/') { @@ -194,7 +202,14 @@ ngx_create_full_path(u_char *dir, ngx_ui if (ngx_create_dir(dir, access) == NGX_FILE_ERROR) { err = ngx_errno; - if (err != NGX_EEXIST) { + + switch (err) { + case NGX_EEXIST: + err = 0; + case NGX_EACCES: + break; + + default: return err; } } @@ -202,7 +217,7 @@ ngx_create_full_path(u_char *dir, ngx_ui *p = '/'; } - return 0; + return err; } diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c --- a/src/http/modules/ngx_http_fastcgi_module.c +++ b/src/http/modules/ngx_http_fastcgi_module.c @@ -523,6 +523,23 @@ static ngx_str_t ngx_http_fastcgi_hide_ }; +#if (NGX_HTTP_CACHE) + +static ngx_str_t ngx_http_fastcgi_hide_cache_headers[] = { + ngx_string("Status"), + ngx_string("X-Accel-Expires"), + ngx_string("X-Accel-Redirect"), + ngx_string("X-Accel-Limit-Rate"), + ngx_string("X-Accel-Buffering"), + ngx_string("X-Accel-Charset"), + ngx_string("Set-Cookie"), + ngx_string("P3P"), + ngx_null_string +}; + +#endif + + static ngx_path_init_t ngx_http_fastcgi_temp_path = { ngx_string(NGX_HTTP_FASTCGI_TEMP_PATH), { 1, 2, 0 } }; @@ -1899,6 +1916,7 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf u_char *p; size_t size; uintptr_t *code; + ngx_str_t *h; ngx_uint_t i; ngx_keyval_t *src; ngx_hash_init_t hash; @@ -2119,10 +2137,18 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf hash.bucket_size = ngx_align(64, ngx_cacheline_size); hash.name = "fastcgi_hide_headers_hash"; +#if (NGX_HTTP_CACHE) + + h = conf->upstream.cache ? ngx_http_fastcgi_hide_cache_headers: + ngx_http_fastcgi_hide_headers; +#else + + h = ngx_http_fastcgi_hide_headers; + +#endif + if (ngx_http_upstream_hide_headers_hash(cf, &conf->upstream, - &prev->upstream, - ngx_http_fastcgi_hide_headers, - &hash) + &prev->upstream, h, &hash) != NGX_OK) { return NGX_CONF_ERROR; diff --git a/src/http/modules/ngx_http_random_index_module.c b/src/http/modules/ngx_http_random_index_module.c --- a/src/http/modules/ngx_http_random_index_module.c +++ b/src/http/modules/ngx_http_random_index_module.c @@ -175,7 +175,7 @@ ngx_http_random_index_handler(ngx_http_r len = ngx_de_namelen(&dir); - if (!dir.valid_type) { + if (dir.type == 0 || ngx_de_is_link(&dir)) { /* 1 byte for '/' and 1 byte for terminating '\0' */ diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -13,7 +13,7 @@ typedef ngx_int_t (*ngx_ssl_variable_han ngx_pool_t *pool, ngx_str_t *s); -#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM" +#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm --- a/src/http/modules/perl/nginx.pm +++ b/src/http/modules/perl/nginx.pm @@ -47,7 +47,7 @@ our @EXPORT = qw( HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '0.8.19'; +our $VERSION = '0.8.20'; require XSLoader; XSLoader::load('nginx', $VERSION); diff --git a/src/http/ngx_http_file_cache.c b/src/http/ngx_http_file_cache.c --- a/src/http/ngx_http_file_cache.c +++ b/src/http/ngx_http_file_cache.c @@ -692,7 +692,7 @@ ngx_http_file_cache_set_header(ngx_http_ void ngx_http_file_cache_update(ngx_http_request_t *r, ngx_temp_file_t *tf) { - off_t size; + off_t size, length; ngx_int_t rc; ngx_file_uniq_t uniq; ngx_file_info_t fi; @@ -714,6 +714,7 @@ ngx_http_file_cache_update(ngx_http_requ cache = c->file_cache; uniq = 0; + length = 0; ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http file cache rename: \"%s\" to \"%s\"", @@ -738,10 +739,11 @@ ngx_http_file_cache_update(ngx_http_requ } else { uniq = ngx_file_uniq(&fi); + length = ngx_file_size(&fi); } } - size = (c->length + cache->bsize - 1) / cache->bsize; + size = (length + cache->bsize - 1) / cache->bsize; ngx_shmtx_lock(&cache->shpool->mutex); @@ -751,7 +753,7 @@ ngx_http_file_cache_update(ngx_http_requ size = size - (c->node->length + cache->bsize - 1) / cache->bsize; - c->node->length = c->length; + c->node->length = length; cache->sh->size += size; diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -2098,11 +2098,6 @@ ngx_http_upstream_send_response(ngx_http r->cache->date = now; r->cache->body_start = (u_short) (u->buffer.pos - u->buffer.start); - if (r->headers_out.content_length_n != -1) { - r->cache->length = r->cache->body_start - + r->headers_out.content_length_n; - } - ngx_http_file_cache_set_header(r, u->buffer.start); } else { @@ -3040,7 +3035,7 @@ ngx_http_upstream_process_cache_control( n = 0; for (p += 8; p < last; p++) { - if (*p == ';' || *p == ' ') { + if (*p == ',' || *p == ';' || *p == ' ') { break; } diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -9,7 +9,7 @@ #include -#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM" +#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); diff --git a/src/os/unix/ngx_files.c b/src/os/unix/ngx_files.c --- a/src/os/unix/ngx_files.c +++ b/src/os/unix/ngx_files.c @@ -274,9 +274,8 @@ ngx_read_dir(ngx_dir_t *dir) if (dir->de) { #if (NGX_HAVE_D_TYPE) dir->type = dir->de->d_type; - dir->valid_type = dir->type ? 1 : 0; #else - dir->valid_type = 0; + dir->type = 0; #endif return NGX_OK; } diff --git a/src/os/unix/ngx_files.h b/src/os/unix/ngx_files.h --- a/src/os/unix/ngx_files.h +++ b/src/os/unix/ngx_files.h @@ -24,7 +24,6 @@ typedef struct { unsigned type:8; unsigned valid_info:1; - unsigned valid_type:1; } ngx_dir_t; @@ -200,31 +199,31 @@ ngx_int_t ngx_read_dir(ngx_dir_t *dir); #else #define ngx_de_namelen(dir) ngx_strlen((dir)->de->d_name) #endif -#define ngx_de_info(name, dir) stat((const char *) name, &(dir)->info) + +static ngx_inline ngx_int_t +ngx_de_info(u_char *name, ngx_dir_t *dir) +{ + dir->type = 0; + return stat((const char *) name, &dir->info); +} + #define ngx_de_info_n "stat()" #define ngx_de_link_info(name, dir) lstat((const char *) name, &(dir)->info) #define ngx_de_link_info_n "lstat()" #if (NGX_HAVE_D_TYPE) -#if (NGX_LINUX) - -/* XFS on Linux does not set dirent.d_type */ +/* + * some file systems (e.g. XFS on Linux and CD9660 on FreeBSD) + * do not set dirent.d_type + */ #define ngx_de_is_dir(dir) \ (((dir)->type) ? ((dir)->type == DT_DIR) : (S_ISDIR((dir)->info.st_mode))) #define ngx_de_is_file(dir) \ (((dir)->type) ? ((dir)->type == DT_REG) : (S_ISREG((dir)->info.st_mode))) #define ngx_de_is_link(dir) \ - (((dir)->type) ? ((dir)->type == DT_LINK) : (S_ISLNK((dir)->info.st_mode))) - -#else - -#define ngx_de_is_dir(dir) ((dir)->type == DT_DIR) -#define ngx_de_is_file(dir) ((dir)->type == DT_REG) -#define ngx_de_is_link(dir) ((dir)->type == DT_LINK) - -#endif /* NGX_LINUX */ + (((dir)->type) ? ((dir)->type == DT_LNK) : (S_ISLNK((dir)->info.st_mode))) #else