flyskype
/
openresty
mirror of https://github.com/openresty/openresty
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,499 Commits
15 Branches
181 Tags
11 MiB
master
stream-ppv2
1.19.9.x
1.21.4.x
1.25.3.x
cve
ngx-http-redis
v24.2
bump-1.21.4.2
rel
close_fd
1.19.3.x
1.17.8.x
1.15.8.x
nginx-1.13.8
v1.15.8.2
v0.8.54.3
v0.8.54.4
v0.8.54.5
v0.8.54.6
v0.8.54.8
v0.8.54.9
v1.0.10.1
v1.0.10.11
v1.0.10.13
v1.0.10.15
v1.0.10.17
v1.0.10.19
v1.0.10.21
v1.0.10.23
v1.0.10.24
v1.0.10.25
v1.0.10.27
v1.0.10.29
v1.0.10.3
v1.0.10.31
v1.0.10.33
v1.0.10.35
v1.0.10.41
v1.0.10.43
v1.0.10.44
v1.0.10.45
v1.0.10.47
v1.0.10.48
v1.0.10.5
v1.0.10.7
v1.0.10.9
v1.0.11.11
v1.0.11.15
v1.0.11.17
v1.0.11.19
v1.0.11.21
v1.0.11.23
v1.0.11.25
v1.0.11.27
v1.0.11.28
v1.0.11.3
v1.0.11.7
v1.0.11.9
v1.0.15.1
v1.0.15.10
v1.0.15.11
v1.0.15.3
v1.0.15.5
v1.0.15.7
v1.0.15.9
v1.0.4.0
v1.0.4.1
v1.0.4.2
v1.0.5.0
v1.0.5.1
v1.0.6.22
v1.0.6.3
v1.0.6.5
v1.0.8.1
v1.0.8.11
v1.0.8.13
v1.0.8.15
v1.0.8.17
v1.0.8.19
v1.0.8.21
v1.0.8.26
v1.0.8.3
v1.0.8.5
v1.0.8.7
v1.0.8.9
v1.0.9.1
v1.0.9.10
v1.0.9.3
v1.0.9.5
v1.0.9.7
v1.0.9.9
v1.1.12.3
v1.1.12.4
v1.1.12.5
v1.1.13.1
v1.11.2.1
v1.11.2.2
v1.11.2.3
v1.11.2.4
v1.11.2.5
v1.13.6.1
v1.13.6.2
v1.15.8.1
v1.15.8.1rc1
v1.15.8.1rc2
v1.15.8.3
v1.17.8.1
v1.17.8.1rc1
v1.17.8.2
v1.19.3.1
v1.19.3.1rc0
v1.19.3.1rc1
v1.19.3.2
v1.19.9.1
v1.19.9.1rc1
v1.19.9.2
v1.2.1.1
v1.2.1.11
v1.2.1.13
v1.2.1.14
v1.2.1.3
v1.2.1.5
v1.2.1.7
v1.2.1.9
v1.2.3.1
v1.2.3.3
v1.2.3.5
v1.2.3.7
v1.2.3.8
v1.2.4.1
v1.2.4.11
v1.2.4.13
v1.2.4.14
v1.2.4.3
v1.2.4.5
v1.2.4.7
v1.2.4.9
v1.2.6.1
v1.2.6.3
v1.2.6.5
v1.2.6.6
v1.2.7.1
v1.2.7.3
v1.2.7.5
v1.2.7.6
v1.2.7.8
v1.2.8.1
v1.2.8.3
v1.2.8.5
v1.2.8.6
v1.21.4.1
v1.21.4.1rc1
v1.21.4.1rc2
v1.21.4.1rc3
v1.21.4.2
v1.21.4.2rc1
v1.21.4.3
v1.21.4.4
v1.25.3.1
v1.25.3.2
v1.27.1.1
v1.27.1.2
v1.4.1.1
v1.4.1.3
v1.4.2.1
v1.4.2.3
v1.4.2.5
v1.4.2.7
v1.4.2.8
v1.4.2.9
v1.4.3.1
v1.4.3.3
v1.4.3.4
v1.4.3.6
v1.4.3.7
v1.4.3.9
v1.5.11.1
v1.5.12.1
v1.5.8.1
v1.7.0.1
v1.7.10.1
v1.7.10.2
v1.7.2.1
v1.7.4.1
v1.7.7.1
v1.7.7.2
v1.9.15.1
v1.9.3.1
v1.9.3.1rc1
v1.9.3.2
v1.9.7.1
v1.9.7.2
v1.9.7.3
v1.9.7.4
v1.9.7.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1ddad1c2d4'
${ noResults }
Commit Graph

250 Commits (1ddad1c2d486ec4a71577586ac1108dd801f21b3)

Author SHA1 Message Date
James ZHANG 1ddad1c2d4 typo 8794ec03 6 years ago
James ZHANG ed3333f2c1 repair the `patch: cannot open` of ssl_cert_cb_yield.patch 
mention here: it was also caused the ssl_sess_cb_yield.patch failed with `Hunk 1 FAILED 1446/1446`
the bundle script should be existed while applying this patch failed
 6 years ago
James ZHANG 04bfe0c76f repair the `Hunk 2 FAILED 441/442` of pcre_conf_opt 
mention here: refer to nginx/nginx@c60b61a2, the md5 and sha1 were always used there.
 6 years ago
James ZHANG 13e92c4c38 repair the `Hunk 1 FAILED 1951/1951` of gcc-maybe-uninitialized-warning 
mention here: there was a fixing refer to nginx/nginx@8d97a2e4, this patch should be EOL
 6 years ago
James ZHANG 3c3d7269f7 repair the `Hunk 2 FAILED 1091/1092` of dtrace 6 years ago
James ZHANG d5357f9734 repair the `Hunk 1 FAILED 89/89` of no_Werror 6 years ago
James ZHANG a5c33f8ea7 repair the `Hunk 1 FAILED 22/22` of intercept-error-log patching 
mention here: the `src/core/ngx_cycle.h` was patched by `privileged-agent-process` before,
so that is break down to re-patch the same one file
 6 years ago
James ZHANG 8794ec037c repair the `Hunk 1 FAILED 981/981`, `Hunk 10 FAILED 1144/1184` of privileged-agent-process patching 6 years ago
James ZHANG 30a5346860 repair the `Hunk 1 FAILED 159/159` of stream_ssl_preread_no_skip patching 6 years ago
Thibault Charbonnier bad7098d88 patches: added the nginx-1.17.4 patches. 6 years ago
Thibault Charbonnier 59e4ef5c23 bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2019-9511 CVE-2019-9513 CVE-2019-9516). 6 years ago
Thibault Charbonnier 80ba3892c6 bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2018-16843 CVE-2018-16844). 6 years ago
Datong Sun d5f48a8b75 bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2018-16845). 
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
 6 years ago
spacewander cf7516fcbc optimize: added an NGINX core patch to ensure unused listening fds are closed when 'reuseport' is used. 
When `reuseport` is enabled in the `listen` directive, Nginx will create
a listening fd for each worker process in the master process.

These fds will be inherited by the worker processes, but most of them
are unused. For example, considering we have 32 listening ip:port
configurations and 64 worker processes, each worker process will inherit
2048 (32 * 64) listening fds, but only 32 fds are used. By closing the
unused fds, this change could save up to 2016 (32 * 63) fds in a worker
process.

It doesn't affect the listening socket, since there is only one used fd
which associates to the socket with or without this change.

Co-authored-by: Thibault Charbonnier <thibaultcha@me.com>
 6 years ago
spacewander 34918a30c3 bugfix: support yielding in 'certificate_by_lua_*' when 'ssl_early_data' is on. 
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
 6 years ago
spacewander 2e480157a3 feature: supported OpenSSL 1.1.1 by upgrading the OpenSSL patch. 
Previously, we used the OpenSSL 1.1.1 ClientHello callback to do ssl
session fetching non-blockingly. However, this way cannot handle an edge
case: the ssl session resumption via session ticket might fail, and the
client fallbacks to session ID resumption. The ClientHello callback is
run too early to know if the client will fallback to use session ID
resumption.

Therefore, we have to take back the OpenSSL sess_set_get_cb_yield patch
and upgrade it to adapt OpenSSL 1.1.1.

Thanks Yongjian Xu and crasyangel for their help.

See 08e9e50.

Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
 6 years ago
Thibault Charbonnier a51fa56086 change: renamed the 'ssl_pending_session' patch to 'ssl_sess_cb_yield' for NGINX cores 1.17.1 and above. 
Its naming is now aligned with the `ssl_cert_cb_yield` patch.

See 08e9e50 for details on why this renaming was reverted for the 1.15.8
version of this patch.
 6 years ago
Thibault Charbonnier cef09e553f
upgraded the nginx core to 1.17.1. 6 years ago
Thibault Charbonnier 08e9e50782 Revert "feature: updated the NGINX patches for async SSL session fetching to support OpenSSL 1.1.1." 
This reverts commit 9e834398de.

Support for OpenSSL 1.1.1 will come with the 1.17.1 series of NGINX
patches. Since no other 1.15.8.* releases are planned, we are reverting
the state of the 1.15.8 patches to that of the 1.15.8.1 release.
 6 years ago
spacewander 9e834398de feature: updated the NGINX patches for async SSL session fetching to support OpenSSL 1.1.1. 
The patch was also renamed from `ssl_pending_session.patch` to
`ssl_sess_cb_yield.patch` (similarly to the existing
`ssl_cert_cb_yield.patch` one).

Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
 6 years ago
Yichun Zhang (agentzh) bf2e5697e1 bugfix: win32/win64: the error log buffer size was merely 2048 bytes (now updated to 4096 bytes). 
applied the win32_max_err_str patch for the nginx core.
 6 years ago
Yichun Zhang (agentzh) ed32897702 bugfix: added an openssl patch to fix the parallel build regression in openssl 1.1.0j. 6 years ago
spacewander 2879e59e7b feature: updated the socket_cloexec patches to support the ngx.pipe API. 
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
 6 years ago
Yichun Zhang (agentzh) 8c8d51663e upgraded the nginx core 1.15.8. 6 years ago
Yichun Zhang (agentzh) b91001a87e upgraded the nginx core to 1.15.6. 7 years ago
Yichun Zhang (agentzh) f58e6eb013 upgraded the nginx core to 1.15.5. 7 years ago
Yichun Zhang (agentzh) a245ff1644 fixed the patch file name to be more consistent with other patches. 7 years ago
Yuansheng 17384566bb bugfix: nginx did not destroy the cycle memory pool before the daemon process exits. 
This is to make the nginx ASAN or Valgrind clean in daemon mode. It is
also meaningful when we have more sophisticated cleanup work needed in
the configuration initialization phase and handlers like init_by_lua*.
 7 years ago
Datong Sun f0e621b0c4 bugfix: nginx patch: do not build resolver parsing feature under Windows. 
bugfix: nginx patch: moved the include of resolv.h to after ngx_config.h to avoid compilation failures on FreeBSD.

bugfix: patch: updated safe_resolver_ipv6_option.patch with new offsets to avoid confusing patch while applying.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 7 years ago
Datong Sun ff89bf3ea1 resolv.conf: fixed a bug that when a newline character is present at the end of the resolv.conf file, the parser incorrectly included such newline in the parsed address. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 7 years ago
spacewander a4f399b3ac feature: added the socket_cloexec patch to ensure most of the nginx connections could be closed before child process terminates. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 7 years ago
Datong Sun 3d8b33f0e8 feature: added a patch for the nginx core to add the "local=/path/to/resolv.conf" option to the standard "resolver" config directive. 
This can enable the use of system-level nameserver configurations of
/etc/resolv.conf, for example, in nginx's own nonblocking DNS resolver.

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 7 years ago
Datong Sun 93f785eed6 feature: added patches to the nginx core to make sure ngx_stream_ssl_preread_module will not skip the rest of the preread phase when SNI server name parsing was successful. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 7 years ago
Datong Sun 30fa60ad5d patches: updated 1.13.6 balancer_status_code.patch and added patch for 1.13.8 as well. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 7 years ago
spacewander ee6b26e347 feature: added the sess_set_get_cb_yield patch for OpenSSL 1.1.0d and beyond. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 7 years ago
spacewander a0dc14761a feature: added the sess_set_get_cb_yield patch for OpenSSL 1.1.0c and beyond. 
The patch is based on

https://patch-diff.githubusercontent.com/raw/openssl/openssl/pull/1588.patch,

with some minor modifications.

Thanks Alessandro Ghedini for the ground work.

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 7 years ago
Yichun Zhang (agentzh) 84734aa1f9 bugfix: fixed double free issues in the new init_cycle_pool_release patch for the nginx core. 8 years ago
Yichun Zhang (agentzh) f721f66b4e feature: applied the init_cycle_pool_release patch to nginx 1.13.6+ cores to make it valgrind or asan clean. 8 years ago
Yichun Zhang (agentzh) a1109b8dd2 upgraded the nginx core to 1.13.6. 8 years ago
Datong Sun 94766f7a41 patches: ensure "server" header in HTTP/2 response shows "openresty" when server_tokens are turned off. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 8 years ago
Yichun Zhang (agentzh) 4eae6e2415 upgraded the nginx core to 1.13.5. 8 years ago
Yichun Zhang (agentzh) 3e2540f6a0 upgraded nginx core to 1.13.4. 8 years ago
Datong Sun 4b594fdce6 feature: added nginx core patches needed by ngx_stream_lua_module's balancer_by_lua*. 
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
 8 years ago
Yichun Zhang (agentzh) 1f2121b546 removed patches for the nginx 1.13.2 core. 8 years ago
Yichun Zhang (agentzh) 6237430ef4 upgraded nginx core to 1.13.3. 8 years ago
Yichun Zhang (agentzh) 967d1261cd added more fixes. 8 years ago
Yichun Zhang (agentzh) 1426d3283d fixed the dtrace patch for nginx. 8 years ago
Yichun Zhang (agentzh) 45a8fb27e4 fixed the upstream_timeout_fields patch for nginx. 8 years ago
Yichun Zhang (agentzh) 3c114dbe46 fixed the log_escape_non_ascii patch for the nginx core. 8 years ago
Yichun Zhang (agentzh) 20e70449f8 fixed the nginx server_header patch. 8 years ago