| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Listen socket is actually closed in the instant timer handler. This patch moves
the "configuration has been applied" notification to the timer handler to avoid
a situation when the user gets the response from the controller, but the listen
socket is still open in the router.
|
|
|
|
Also added stubs for Server.address()
This was done to prevent crashes in some popular frameworks like express
Supports both CommonJS and the new ES Modules system syntax e.g:
app.js:
const http = require('http')
app.mjs:
import http from "http"
Usage on Node 14.16.x and higher:
{
"type": "external",
"processes": {"spare": 0},
"working_directory": '/project',
"executable": "/usr/bin/env",
"arguments": [
"node",
"--loader",
"unit-http/require_shim.mjs"
"--require",
"unit-http/require_shim",
"app.js"
]
}
Usage on Node 14.15.x and lower:
{
"type": "external",
"processes": {"spare": 0},
"working_directory": '/project',
"executable": "/usr/bin/env",
"arguments": [
"node",
"--require",
"unit-http/require_shim",
"app.js"
]
}
|
|
|
|
|
|
|
|
The "auto_globals_jit" PHP option postponed the initialization of the $_SERVER
global variable until the script using it had been loaded (e. g. via the
"include" expression). As a result, nxt_php_register_variables() could be
called after fastcgi_finish_request() had finished the request and nulled
ctx->req, which thus caused a segmentation fault.
|
|
|
|
|
|
|
|
|
|
|
|
Support for chrooting, rejecting symlinks, and rejecting crossing mounting
points on a per-request basis during static file serving.
|
|
This is a prerequisite for further introduction of openat2() features.
No functional changes.
|
|
|
|
|
|
|
|
Introducing "unit.log.Log" class for "unit.log" file management.
Moving "findall()" function into TestApplicationProto.
Using "os.kill()" to send signals.
|
|
|
|
|
|
This change is necessary to set Encoding.default_external value correctly.
|
|
|
|
|
|
|
|
|
|
|
|
Found by rpmlint.
|
|
Found by rpmlint.
|
|
|
|
|
|
|
|
|
|
|
|
When the shm buffer is sent over the port queue, it needs to be completed
because it's sent over the port socket.
|
|
This makes the "sed" instruction simpler and more portable, as the previous
variant didn't work well on BSD systems due to the "\s" metacharacter.
Thanks to Sergey A. Osokin <osa@FreeBSD.org.ru> for spotting this issue.
Also, this should prevent accidentally creating a version 1.0.0 package.
|
|
Globally installed modules require a globally installed libunit.
The "binding_pub.gyp" file is the correct version, otherwise linked module
may have unresolved symbols because libunit is not linked.
|
|
This fixes memory and shm file descriptor leakage that occurred when a large
request body was passed via shared memory. The leakage was caught with the
"test_settings_body_buffer_size" test. The main condition is the
"body_buffer_size" value exceeding 10 Mb (a shm segment). Thus, the router was
forced to split the body into several shm segments, but these buffers were not
freed because of dummy completion handlers.
|
|
The certificate is selected by matching the arriving SNI to the common name and
the alternatives names. If no certificate matches the name, the first bundle in
the array is chosen.
|
|
|
|
|
|
|
|
|
|
Reviewed at https://rb.nginx.com/r/165/
|
|
The idea is to put SAN after CN, but the previous version of the code
incorrectly assumed that CN was always present, which caused writes
outside the allocated object if there were no standard name attributes.
|
|
No functional changes.
|
|
Previously, entries of any type were counted during object allocation
but only DNS type entries were actually processed. As a result,
if some certificate entries had another type, returning information
about the certificate caused uninitialized memory access.
|
|
Test case: "send a text message split into two fragments, then a continuation
frame with FIN = false where there is nothing to continue, then an unfragmented
text message, all sent in one chop".
The test case investigates immediate connection closing since there is no
message to continue.
The mirror server may send a response for the first frame before the test
сontinuation frame is received by the router. In this case, the test will
receive a text frame before the close frame.
|
|
This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and
/dev/urandom files remain open after all listening sockets were removed:
- https://github.com/openssl/openssl/issues/7419
|
|
It feels to be causing more harm than good, because syslog() can be blocking,
which is even more critical under resource exhaustion conditions when some
alerts are expected.
|
|
|
