changeset 658:5a4401b9551b NGINX_1_1_13

nginx 1.1.13 *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the "ssl_protocols" directive. *) Bugfix: the "limit_req" directive parameters were not inherited correctly; the bug had appeared in 1.1.12. *) Bugfix: the "proxy_redirect" directive incorrectly processed "Refresh" header if regular expression were used. *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter did not return answer from cache if there were no live upstreams. *) Bugfix: the "worker_cpu_affinity" directive might not work. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.1.12. *) Bugfix: in the ngx_http_mp4_module.
author Igor Sysoev <http://sysoev.ru>
date Mon, 16 Jan 2012 00:00:00 +0400
parents e1296af53cc0
children d48f991d7bd0
files CHANGES CHANGES.ru LICENSE auto/cc/icc auto/lib/pcre/conf src/core/nginx.h src/core/ngx_hash.c src/core/ngx_log.h src/event/ngx_event_openssl.c src/event/ngx_event_openssl.h src/http/modules/ngx_http_fastcgi_module.c src/http/modules/ngx_http_limit_req_module.c src/http/modules/ngx_http_mp4_module.c src/http/modules/ngx_http_proxy_module.c src/http/modules/ngx_http_scgi_module.c src/http/modules/ngx_http_ssl_module.c src/http/modules/ngx_http_uwsgi_module.c src/http/modules/perl/nginx.pm src/mail/ngx_mail_ssl_module.c src/os/unix/ngx_process_cycle.c
diffstat 20 files changed, 174 insertions(+), 79 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES	Mon Dec 26 00:00:00 2011 +0400
+++ b/CHANGES	Mon Jan 16 00:00:00 2012 +0400
@@ -1,8 +1,30 @@
 
+Changes with nginx 1.1.13                                        16 Jan 2012
+
+    *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
+       "ssl_protocols" directive.
+
+    *) Bugfix: the "limit_req" directive parameters were not inherited
+       correctly; the bug had appeared in 1.1.12.
+
+    *) Bugfix: the "proxy_redirect" directive incorrectly processed
+       "Refresh" header if regular expression were used.
+
+    *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
+       did not return answer from cache if there were no live upstreams.
+
+    *) Bugfix: the "worker_cpu_affinity" directive might not work.
+
+    *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
+       1.1.12.
+
+    *) Bugfix: in the ngx_http_mp4_module.
+
+
 Changes with nginx 1.1.12                                        26 Dec 2011
 
     *) Change: a "proxy_pass" directive without URI part now uses changed
-       URI after redirection with the "error_page" directive;
+       URI after redirection with the "error_page" directive.
        Thanks to Lanshun Zhou.
 
     *) Feature: the "proxy/fastcgi/scgi/uwsgi_cache_lock",
@@ -28,7 +50,7 @@
        original request URI if variables were used.
 
     *) Bugfix: a "proxy_pass" directive without URI part might use original
-       request after redirection with the "try_files" directive;
+       request after redirection with the "try_files" directive.
        Thanks to Lanshun Zhou.
 
     *) Bugfix: in the ngx_http_scgi_module.
--- a/CHANGES.ru	Mon Dec 26 00:00:00 2011 +0400
+++ b/CHANGES.ru	Mon Jan 16 00:00:00 2012 +0400
@@ -1,9 +1,31 @@
 
+Изменения в nginx 1.1.13                                          16.01.2012
+
+    *) Добавление: параметры TLSv1.1 и TLSv1.2 в директиве ssl_protocols.
+
+    *) Исправление: параметры директивы limit_req наследовались некорректно;
+       ошибка появилась в 1.1.12.
+
+    *) Исправление: директива proxy_redirect некорректно обрабатывала
+       заголовк Refresh при использовании регулярных выражений.
+
+    *) Исправление: директива proxy_cache_use_stale с параметром error не
+       возвращала ответ из кэша, если все бекенды были признаны
+       неработающими.
+
+    *) Исправление: директива worker_cpu_affinity могла не работать.
+
+    *) Исправление: nginx не собирался на Solaris; ошибка появилась в
+       1.1.12.
+
+    *) Исправление: в модуле ngx_http_mp4_module.
+
+
 Изменения в nginx 1.1.12                                          26.12.2011
 
     *) Изменение: после перенаправления запроса с помощью директивы
        error_page директива proxy_pass без URI теперь использует изменённый
-       URI;
+       URI.
        Спасибо Lanshun Zhou.
 
     *) Добавление: директивы proxy/fastcgi/scgi/uwsgi_cache_lock,
@@ -30,7 +52,7 @@
 
     *) Исправление: после перенаправления запроса с помощью директивы
        try_files директива proxy_pass без URI могла использовать URI
-       исходного запроса;
+       исходного запроса.
        Спасибо Lanshun Zhou.
 
     *) Исправление: в модуле ngx_http_scgi_module.
--- a/LICENSE	Mon Dec 26 00:00:00 2011 +0400
+++ b/LICENSE	Mon Jan 16 00:00:00 2012 +0400
@@ -1,5 +1,5 @@
 /* 
- * Copyright (C) 2002-2011 Igor Sysoev
+ * Copyright (C) 2002-2012 Igor Sysoev
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
--- a/auto/cc/icc	Mon Dec 26 00:00:00 2011 +0400
+++ b/auto/cc/icc	Mon Jan 16 00:00:00 2012 +0400
@@ -2,7 +2,7 @@
 # Copyright (C) Igor Sysoev
 
 
-# Intel C++ compiler 7.1, 8.0, 8.1, 9.0
+# Intel C++ compiler 7.1, 8.0, 8.1, 9.0, 11.1
 
 NGX_ICC_VER=`$CC -V 2>&1 | grep 'Version' 2>&1 \
                          | sed -e 's/^.* Version \([^ ]*\) *Build.*$/\1/'`
@@ -15,32 +15,7 @@
 # optimizations
 
 CFLAGS="$CFLAGS -O"
-# inline the functions declared with __inline
-#CFLAGS="$CFLAGS -Ob1"
-# inline any function, at the compiler's discretion
-CFLAGS="$CFLAGS -Ob2"
 
-# multi-file IP optimizations
-case "$NGX_ICC_VER" in
-    9.*)
-        IPO="-ipo"
-    ;;
-
-    # 8.1.38 under FreeBSD can not link -ipo
-    8.1)
-        IPO="-ip"
-    ;;
-
-    *)
-        IPO="-ipo -ipo_obj"
-    ;;
-esac
-
-# single-file IP optimizations
-#IPO="-ip"
-
-CFLAGS="$CFLAGS $IPO"
-CORE_LINK="$CORE_LINK $IPO"
 CORE_LINK="$CORE_LINK -opt_report_file=$NGX_OBJS/opt_report_file"
 
 
@@ -64,15 +39,15 @@
 CFLAGS="$CFLAGS $CPU_OPT"
 
 if [ ".$PCRE_OPT" = "." ]; then
-    PCRE_OPT="-O $IPO $CPU_OPT"
+    PCRE_OPT="-O $CPU_OPT"
 fi
 
 if [ ".$MD5_OPT" = "." ]; then
-    MD5_OPT="-O $IPO $CPU_OPT"
+    MD5_OPT="-O $CPU_OPT"
 fi
 
 if [ ".$ZLIB_OPT" = "." ]; then
-    ZLIB_OPT="-O $IPO $CPU_OPT"
+    ZLIB_OPT="-O $CPU_OPT"
 fi
 
 
--- a/auto/lib/pcre/conf	Mon Dec 26 00:00:00 2011 +0400
+++ b/auto/lib/pcre/conf	Mon Jan 16 00:00:00 2012 +0400
@@ -165,7 +165,7 @@
             PCRE=YES
         fi
 
-        if [ $PCRE == YES ]; then
+        if [ $PCRE = YES ]; then
             ngx_feature="PCRE JIT support"
             ngx_feature_name="NGX_HAVE_PCRE_JIT"
             ngx_feature_test="int jit = 0;
--- a/src/core/nginx.h	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/core/nginx.h	Mon Jan 16 00:00:00 2012 +0400
@@ -8,8 +8,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1001011
-#define NGINX_VERSION      "1.1.12"
+#define nginx_version      1001013
+#define NGINX_VERSION      "1.1.13"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
--- a/src/core/ngx_hash.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/core/ngx_hash.c	Mon Jan 16 00:00:00 2012 +0400
@@ -277,7 +277,7 @@
     start = nelts / (bucket_size / (2 * sizeof(void *)));
     start = start ? start : 1;
 
-    if (hinit->max_size > 10000 && hinit->max_size / nelts < 100) {
+    if (hinit->max_size > 10000 && nelts && hinit->max_size / nelts < 100) {
         start = hinit->max_size - 1000;
     }
 
--- a/src/core/ngx_log.h	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/core/ngx_log.h	Mon Jan 16 00:00:00 2012 +0400
@@ -121,15 +121,38 @@
 
 #if (NGX_HAVE_VARIADIC_MACROS)
 
-#define ngx_log_debug0  ngx_log_debug
-#define ngx_log_debug1  ngx_log_debug
-#define ngx_log_debug2  ngx_log_debug
-#define ngx_log_debug3  ngx_log_debug
-#define ngx_log_debug4  ngx_log_debug
-#define ngx_log_debug5  ngx_log_debug
-#define ngx_log_debug6  ngx_log_debug
-#define ngx_log_debug7  ngx_log_debug
-#define ngx_log_debug8  ngx_log_debug
+#define ngx_log_debug0(level, log, err, fmt)                                  \
+        ngx_log_debug(level, log, err, fmt)
+
+#define ngx_log_debug1(level, log, err, fmt, arg1)                            \
+        ngx_log_debug(level, log, err, fmt, arg1)
+
+#define ngx_log_debug2(level, log, err, fmt, arg1, arg2)                      \
+        ngx_log_debug(level, log, err, fmt, arg1, arg2)
+
+#define ngx_log_debug3(level, log, err, fmt, arg1, arg2, arg3)                \
+        ngx_log_debug(level, log, err, fmt, arg1, arg2, arg3)
+
+#define ngx_log_debug4(level, log, err, fmt, arg1, arg2, arg3, arg4)          \
+        ngx_log_debug(level, log, err, fmt, arg1, arg2, arg3, arg4)
+
+#define ngx_log_debug5(level, log, err, fmt, arg1, arg2, arg3, arg4, arg5)    \
+        ngx_log_debug(level, log, err, fmt, arg1, arg2, arg3, arg4, arg5)
+
+#define ngx_log_debug6(level, log, err, fmt,                                  \
+                       arg1, arg2, arg3, arg4, arg5, arg6)                    \
+        ngx_log_debug(level, log, err, fmt,                                   \
+                       arg1, arg2, arg3, arg4, arg5, arg6)
+
+#define ngx_log_debug7(level, log, err, fmt,                                  \
+                       arg1, arg2, arg3, arg4, arg5, arg6, arg7)              \
+        ngx_log_debug(level, log, err, fmt,                                   \
+                       arg1, arg2, arg3, arg4, arg5, arg6, arg7)
+
+#define ngx_log_debug8(level, log, err, fmt,                                  \
+                       arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8)        \
+        ngx_log_debug(level, log, err, fmt,                                   \
+                       arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8)
 
 
 #else /* NO VARIADIC MACROS */
--- a/src/event/ngx_event_openssl.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/event/ngx_event_openssl.c	Mon Jan 16 00:00:00 2012 +0400
@@ -78,18 +78,6 @@
 };
 
 
-static long  ngx_ssl_protocols[] = {
-    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-    SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-    SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1,
-    SSL_OP_NO_TLSv1,
-    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3,
-    SSL_OP_NO_SSLv3,
-    SSL_OP_NO_SSLv2,
-    0,
-};
-
-
 int  ngx_ssl_connection_index;
 int  ngx_ssl_server_conf_index;
 int  ngx_ssl_session_cache_index;
@@ -171,9 +159,25 @@
 
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
 
-    if (ngx_ssl_protocols[protocols >> 1] != 0) {
-        SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
+    if (!(protocols & NGX_SSL_SSLv2)) {
+        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
+    }
+    if (!(protocols & NGX_SSL_SSLv3)) {
+        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
+    }
+    if (!(protocols & NGX_SSL_TLSv1)) {
+        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
     }
+#ifdef SSL_OP_NO_TLSv1_1
+    if (!(protocols & NGX_SSL_TLSv1_1)) {
+        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
+    }
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+    if (!(protocols & NGX_SSL_TLSv1_2)) {
+        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
+    }
+#endif
 
 #ifdef SSL_OP_NO_COMPRESSION
     SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
--- a/src/event/ngx_event_openssl.h	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/event/ngx_event_openssl.h	Mon Jan 16 00:00:00 2012 +0400
@@ -81,9 +81,11 @@
 
 
 
-#define NGX_SSL_SSLv2    2
-#define NGX_SSL_SSLv3    4
-#define NGX_SSL_TLSv1    8
+#define NGX_SSL_SSLv2    0x0002
+#define NGX_SSL_SSLv3    0x0004
+#define NGX_SSL_TLSv1    0x0008
+#define NGX_SSL_TLSv1_1  0x0010
+#define NGX_SSL_TLSv1_2  0x0020
 
 
 #define NGX_SSL_BUFFER   1
--- a/src/http/modules/ngx_http_fastcgi_module.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/http/modules/ngx_http_fastcgi_module.c	Mon Jan 16 00:00:00 2012 +0400
@@ -2314,6 +2314,10 @@
                                          |NGX_HTTP_UPSTREAM_FT_OFF;
     }
 
+    if (conf->upstream.cache_use_stale & NGX_HTTP_UPSTREAM_FT_ERROR) {
+        conf->upstream.cache_use_stale |= NGX_HTTP_UPSTREAM_FT_NOLIVE;
+    }
+
     if (conf->upstream.cache_methods == 0) {
         conf->upstream.cache_methods = prev->upstream.cache_methods;
     }
--- a/src/http/modules/ngx_http_limit_req_module.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/http/modules/ngx_http_limit_req_module.c	Mon Jan 16 00:00:00 2012 +0400
@@ -570,6 +570,8 @@
 
     if (conf->shm_zone == NULL) {
         conf->shm_zone = prev->shm_zone;
+        conf->burst = prev->burst;
+        conf->nodelay = prev->nodelay;
     }
 
     ngx_conf_merge_uint_value(conf->limit_log_level, prev->limit_log_level,
--- a/src/http/modules/ngx_http_mp4_module.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/http/modules/ngx_http_mp4_module.c	Mon Jan 16 00:00:00 2012 +0400
@@ -165,10 +165,10 @@
     ((u_char *) (p))[7] = n4
 
 #define ngx_mp4_get_32value(p)                                                \
-    ( (((u_char *) (p))[0] << 24)                                             \
-    + (((u_char *) (p))[1] << 16)                                             \
-    + (((u_char *) (p))[2] << 8)                                              \
-    + (((u_char *) (p))[3]) )
+    ( ((uint32_t) ((u_char *) (p))[0] << 24)                                  \
+    + (           ((u_char *) (p))[1] << 16)                                  \
+    + (           ((u_char *) (p))[2] << 8)                                   \
+    + (           ((u_char *) (p))[3]) )
 
 #define ngx_mp4_set_32value(p, n)                                             \
     ((u_char *) (p))[0] = (u_char) ((n) >> 24);                               \
--- a/src/http/modules/ngx_http_proxy_module.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/http/modules/ngx_http_proxy_module.c	Mon Jan 16 00:00:00 2012 +0400
@@ -2348,6 +2348,8 @@
 ngx_http_proxy_rewrite_redirect_regex(ngx_http_request_t *r, ngx_table_elt_t *h,
     size_t prefix, ngx_http_proxy_redirect_t *pr)
 {
+    size_t      len;
+    u_char     *data;
     ngx_str_t   redirect, replacement;
 
     redirect.len = h->value.len - prefix;
@@ -2361,7 +2363,23 @@
         return NGX_ERROR;
     }
 
-    h->value = replacement;
+    if (!prefix) {
+        h->value = replacement;
+        return NGX_OK;
+    }
+
+    len = prefix + replacement.len;
+
+    data = ngx_pnalloc(r->pool, len);
+    if (data == NULL) {
+        return NGX_ERROR;
+    }
+
+    ngx_memcpy(data, h->value.data, prefix);
+    ngx_memcpy(data + prefix, replacement.data, replacement.len);
+
+    h->value.len = len;
+    h->value.data = data;
 
     return NGX_OK;
 }
@@ -2667,17 +2685,21 @@
                               (NGX_CONF_BITMASK_SET
                                |NGX_HTTP_UPSTREAM_FT_OFF));
 
+    if (conf->upstream.cache_use_stale & NGX_HTTP_UPSTREAM_FT_OFF) {
+        conf->upstream.cache_use_stale = NGX_CONF_BITMASK_SET
+                                         |NGX_HTTP_UPSTREAM_FT_OFF;
+    }
+
+    if (conf->upstream.cache_use_stale & NGX_HTTP_UPSTREAM_FT_ERROR) {
+        conf->upstream.cache_use_stale |= NGX_HTTP_UPSTREAM_FT_NOLIVE;
+    }
+
     if (conf->upstream.cache_methods == 0) {
         conf->upstream.cache_methods = prev->upstream.cache_methods;
     }
 
     conf->upstream.cache_methods |= NGX_HTTP_GET|NGX_HTTP_HEAD;
 
-    if (conf->upstream.cache_use_stale & NGX_HTTP_UPSTREAM_FT_OFF) {
-        conf->upstream.cache_use_stale = NGX_CONF_BITMASK_SET
-                                         |NGX_HTTP_UPSTREAM_FT_OFF;
-    }
-
     ngx_conf_merge_ptr_value(conf->upstream.cache_bypass,
                              prev->upstream.cache_bypass, NULL);
 
@@ -3580,7 +3602,9 @@
     plcf->upstream.ssl->log = cf->log;
 
     if (ngx_ssl_create(plcf->upstream.ssl,
-                       NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1, NULL)
+                       NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1
+                                    |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2,
+                       NULL)
         != NGX_OK)
     {
         return NGX_ERROR;
--- a/src/http/modules/ngx_http_scgi_module.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/http/modules/ngx_http_scgi_module.c	Mon Jan 16 00:00:00 2012 +0400
@@ -1286,6 +1286,10 @@
                                          |NGX_HTTP_UPSTREAM_FT_OFF;
     }
 
+    if (conf->upstream.cache_use_stale & NGX_HTTP_UPSTREAM_FT_ERROR) {
+        conf->upstream.cache_use_stale |= NGX_HTTP_UPSTREAM_FT_NOLIVE;
+    }
+
     if (conf->upstream.cache_methods == 0) {
         conf->upstream.cache_methods = prev->upstream.cache_methods;
     }
--- a/src/http/modules/ngx_http_ssl_module.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/http/modules/ngx_http_ssl_module.c	Mon Jan 16 00:00:00 2012 +0400
@@ -37,6 +37,8 @@
     { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
     { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
     { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
+    { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
+    { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
     { ngx_null_string, 0 }
 };
 
@@ -364,7 +366,8 @@
                          prev->prefer_server_ciphers, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
+                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
+                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
 
     ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
     ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
--- a/src/http/modules/ngx_http_uwsgi_module.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/http/modules/ngx_http_uwsgi_module.c	Mon Jan 16 00:00:00 2012 +0400
@@ -1338,6 +1338,10 @@
                                          |NGX_HTTP_UPSTREAM_FT_OFF;
     }
 
+    if (conf->upstream.cache_use_stale & NGX_HTTP_UPSTREAM_FT_ERROR) {
+        conf->upstream.cache_use_stale |= NGX_HTTP_UPSTREAM_FT_NOLIVE;
+    }
+
     if (conf->upstream.cache_methods == 0) {
         conf->upstream.cache_methods = prev->upstream.cache_methods;
     }
--- a/src/http/modules/perl/nginx.pm	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/http/modules/perl/nginx.pm	Mon Jan 16 00:00:00 2012 +0400
@@ -48,7 +48,7 @@
     HTTP_INSUFFICIENT_STORAGE
 );
 
-our $VERSION = '1.1.12';
+our $VERSION = '1.1.13';
 
 require XSLoader;
 XSLoader::load('nginx', $VERSION);
--- a/src/mail/ngx_mail_ssl_module.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/mail/ngx_mail_ssl_module.c	Mon Jan 16 00:00:00 2012 +0400
@@ -37,6 +37,8 @@
     { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
     { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
     { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
+    { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
+    { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
     { ngx_null_string, 0 }
 };
 
@@ -206,7 +208,8 @@
                          prev->prefer_server_ciphers, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
+                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
+                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
 
     ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
     ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
--- a/src/os/unix/ngx_process_cycle.c	Mon Dec 26 00:00:00 2011 +0400
+++ b/src/os/unix/ngx_process_cycle.c	Mon Jan 16 00:00:00 2012 +0400
@@ -914,7 +914,10 @@
         ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0,
                       "sched_setaffinity(0x%08Xl)", cpu_affinity);
 
-        if (sched_setaffinity(0, 32, (cpu_set_t *) &cpu_affinity) == -1) {
+        if (sched_setaffinity(0, sizeof(cpu_affinity),
+                              (cpu_set_t *) &cpu_affinity)
+            == -1)
+        {
             ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
                           "sched_setaffinity(0x%08Xl) failed", cpu_affinity);
         }