| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
In rare cases, when the destination process had finished running but no
notification of this was received yet, send could fail with an error, and the
send message structure with file descriptors could leak.
The leakage was periodically reproduced by respawn tests on FreeBSD 12.
|
|
A race may occur between the router process restart and the main process
sending a notification to the running controller. For example, a test script
detects the new process and starts performing a smoke test, but the controller
has not yet received the 'remove PID' notification, so the connection to the
router is broken and any attempt to update the configuration will cause an
error.
The solution is to perform several attempts to reconfigure Unit with a short
delay between failures.
|
|
If an exception was raised with a backtrace of zero length, the
nxt_ruby_exception_log() routine would return without logging the
exception class and message. This commit fixes the issue.
|
|
Because of the incorrect 'last' field assignment, multiple listeners with
a TLS certificate did not initialize properly, which caused a router crash
while establishing a connection.
Test with multiple TLS listeners added.
The issue was introduced in the c548e46fe516 commit.
This closes #561 issue on GitHub.
|
|
No functional changes.
|
|
Also minor style changes.
|
|
|
|
The patch removes the "files" section from package.json to avoid future issues
with missing files. For package testing purposes, 'npm pack' is used instead
of plain 'tar' to simulate packaging more accurately.
|
|
The files loader.js and loader.mjs (introduced in f85b85094541 and 3c551b9721df)
were added to the packaged files list.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
To perform various configuration operations on SSL_CTX, OpenSSL provides
SSL_CONF_cmd(). Specifically, to configure ciphers for a listener,
"CipherString" and "Ciphersuites" file commands are used:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
This feature can be configured in the "tls/conf_commands" section.
|
|
A crash was caused by an incorrect timer handler nxt_h1p_idle_timeout() if
SSL_shutdown() returned SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
The flag SSL_RECEIVED_SHUTDOWN is used to avoid getting SSL_ERROR_WANT_READ, so
the server won't wait for a close notification from a client.
For SSL_ERROR_WANT_WRITE, a correct timer handler is set up.
|
|
|
|
|
|
This patch fixes a possible race between the nxt_router_conf_wait() and
nxt_router_listen_socket_release() function calls and improves the 7f1b2eaa2d58
commit fix.
|
|
In Go 1.16, the module-aware mode is enabled by default; to fall back to
previous behavior, the GO111MODULE environment variable should be set to
'auto'.
Details: https://golang.org/doc/go1.16
|
|
|
|
|
|
Data length adjusts depending on socket buffer size when it's possible.
|
|
|
|
|
|
This fixes building module with the development version of PHP after the change:
https://github.com/php/php-src/commit/c732ab400af92c54eee47c487a56009f1d79dd5d
|
|
|
|
|
|
|
|
Ruby 3.0 deprecated rb_cData with the intention to remove it in release 3.1.
This commit changes references of rb_cData to rb_cObject. This was done so we
can support distributions that package Ruby 3.0, such as Fedora 34.
We also need to call rb_undef_alloc_func because we're no longer deriving from
rb_cData. This prevents unnecessary allocations.
See:
https://docs.ruby-lang.org/en/3.0.0/doc/extension_rdoc.html
"It is recommended that klass derives from a special class called Data
(rb_cData) but not from Object or other ordinal classes. If it doesn't,
you have to call rb_undef_alloc_func(klass)."
|
|
When an invalid TLS configuration is applied (such as the conf_commands
feature), nxt_cert_store_get() creates a buffer to send a certificate request
to the main process and adds its default completion handler to an asynchronous
queue to free the allocated buffer. However, if configuration fails,
nxt_router_conf_error() removes the memory pool used to allocate the buffer,
causing a crash when the completion handler is dispatched.
Assertion "src/nxt_buf.c:208 assertion failed: data == b->parent" is triggered
when is NXT_DEBUG enabled in the configure script.
This patch uses a reference counter to retain the memory pool and redefines the
completion handler to free the buffer before releasing the memory pool.
|
|
|
|
Listen socket is actually closed in the instant timer handler. This patch moves
the "configuration has been applied" notification to the timer handler to avoid
a situation when the user gets the response from the controller, but the listen
socket is still open in the router.
|
|
|
|
Also added stubs for Server.address()
This was done to prevent crashes in some popular frameworks like express
Supports both CommonJS and the new ES Modules system syntax e.g:
app.js:
const http = require('http')
app.mjs:
import http from "http"
Usage on Node 14.16.x and higher:
{
"type": "external",
"processes": {"spare": 0},
"working_directory": '/project',
"executable": "/usr/bin/env",
"arguments": [
"node",
"--loader",
"unit-http/require_shim.mjs"
"--require",
"unit-http/require_shim",
"app.js"
]
}
Usage on Node 14.15.x and lower:
{
"type": "external",
"processes": {"spare": 0},
"working_directory": '/project',
"executable": "/usr/bin/env",
"arguments": [
"node",
"--require",
"unit-http/require_shim",
"app.js"
]
}
|
|
|
|
|
|
|
|
The "auto_globals_jit" PHP option postponed the initialization of the $_SERVER
global variable until the script using it had been loaded (e. g. via the
"include" expression). As a result, nxt_php_register_variables() could be
called after fastcgi_finish_request() had finished the request and nulled
ctx->req, which thus caused a segmentation fault.
|
|
|
|
|
|
|
|
|
|
|
|
Support for chrooting, rejecting symlinks, and rejecting crossing mounting
points on a per-request basis during static file serving.
|
