Merge remote-tracking branch 'upstream/master'

Author: splitice

.gitignore

@@ -26,6 +26,7 @@ test/blib
 test.sh
 t.sh
 t/t.sh
+t/servroot*
 test/t/servroot/
 releng
 reset

.travis.yml

@@ -1,5 +1,5 @@
 sudo: required
-dist: trusty
+dist: xenial
 
 os: linux
 
@@ -48,10 +48,9 @@ env:
     - DRIZZLE_VER=2011.07.21
     - TEST_NGINX_SLEEP=0.006
   matrix:
-    - NGINX_VERSION=1.13.6 OPENSSL_VER=1.0.2n OPENSSL_OPT="" OPENSSL_PATCH_VER=1.0.2h
-    - NGINX_VERSION=1.13.6 OPENSSL_VER=1.1.0h OPENSSL_OPT="" OPENSSL_PATCH_VER=1.1.0d
-    # TODO: when adding an OpenSSL version >= 1.1.1, please add "enable-tls1_3"
-    # to $OPENSSL_OPT.
+    - NGINX_VERSION=1.15.8 OPENSSL_VER=1.0.2s OPENSSL_PATCH_VER=1.0.2h
+    - NGINX_VERSION=1.15.8 OPENSSL_VER=1.1.0k OPENSSL_PATCH_VER=1.1.0d
+    - NGINX_VERSION=1.15.8 OPENSSL_VER=1.1.1c OPENSSL_PATCH_VER=""
 
 services:
  - memcache
@@ -96,6 +95,8 @@ before_script:
 
 script:
   - sudo iptables -I OUTPUT 1 -p udp --dport 10086 -j REJECT
+  - sudo iptables -A OUTPUT -p tcp --dst 127.0.0.2 --dport 12345 -j DROP
+  - sudo iptables -A OUTPUT -p udp --dst 127.0.0.2 --dport 12345 -j DROP
   - cd luajit2/
   - make -j$JOBS CCDEBUG=-g Q= PREFIX=$LUAJIT_PREFIX CC=$CC XCFLAGS='-DLUA_USE_APICHECK -DLUA_USE_ASSERT -msse4.2' > build.log 2>&1 || (cat build.log && exit 1)
   - sudo make install PREFIX=$LUAJIT_PREFIX > build.log 2>&1 || (cat build.log && exit 1)
@@ -114,8 +115,8 @@ script:
   - cd ..
   - tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
   - cd openssl-$OPENSSL_VER/
-  - patch -p1 < ../../openresty/patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch
-  - ./config no-threads shared enable-ssl3 enable-ssl3-method $OPENSSL_OPT -g --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat build.log && exit 1)
+  - if [ -n "$OPENSSL_PATCH_VER" ]; then patch -p1 < ../../openresty/patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch; fi
+  - ./config no-threads shared enable-ssl3 enable-ssl3-method -g --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat build.log && exit 1)
   - make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
   - sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1)
   - cd ..

README.markdown

@@ -8,6 +8,8 @@ Name
 
 ngx_http_lua_module - Embed the power of Lua into Nginx HTTP Servers.
 
+This module is a core component of OpenResty. If you are using this module, then you are essentially using OpenResty :)
+
 *This module is not distributed with the Nginx source.* See [the installation instructions](#installation).
 
 Table of Contents
@@ -61,7 +63,7 @@ Production ready.
 Version
 =======
 
-This document describes ngx_lua [v0.10.13](https://github.com/openresty/lua-nginx-module/tags) released on 22 April 2018.
+This document describes ngx_lua [v0.10.15](https://github.com/openresty/lua-nginx-module/tags) released on March 14th, 2019.
 
 Synopsis
 ========
@@ -186,6 +188,8 @@ Synopsis
 Description
 ===========
 
+This module is a core component of OpenResty. If you are using this module, then you are essentially using OpenResty :)
+
 This module embeds Lua, via [LuaJIT 2.0/2.1](http://luajit.org/luajit.html), into Nginx and by leveraging Nginx's subrequests, allows the integration of the powerful Lua threads (Lua coroutines) into the Nginx event model.
 
 Unlike [Apache's mod_lua](https://httpd.apache.org/docs/trunk/mod/mod_lua.html) and [Lighttpd's mod_magnet](http://redmine.lighttpd.net/wiki/1/Docs:ModMagnet), Lua code executed using this module can be *100% non-blocking* on network traffic as long as the [Nginx API for Lua](#nginx-api-for-lua) provided by this module is used to handle
@@ -248,6 +252,8 @@ Nginx Compatibility
 
 The latest version of this module is compatible with the following versions of Nginx:
 
+* 1.15.x  (last tested: 1.15.8)
+* 1.14.x
 * 1.13.x  (last tested: 1.13.6)
 * 1.12.x
 * 1.11.x  (last tested: 1.11.2)
@@ -956,7 +962,7 @@ This module is licensed under the BSD license.
 
 Copyright (C) 2009-2017, by Xiaozhe Wang (chaoslawful) <chaoslawful@gmail.com>.
 
-Copyright (C) 2009-2018, by Yichun "agentzh" Zhang (章亦春) <agentzh@gmail.com>, OpenResty Inc.
+Copyright (C) 2009-2019, by Yichun "agentzh" Zhang (章亦春) <agentzh@gmail.com>, OpenResty Inc.
 
 All rights reserved.
 
@@ -1000,6 +1006,7 @@ See Also
 Directives
 ==========
 
+* [lua_load_resty_core](#lua_load_resty_core)
 * [lua_capture_error_log](#lua_capture_error_log)
 * [lua_use_default_type](#lua_use_default_type)
 * [lua_malloc_trim](#lua_malloc_trim)
@@ -1065,6 +1072,7 @@ Directives
 * [lua_check_client_abort](#lua_check_client_abort)
 * [lua_max_pending_timers](#lua_max_pending_timers)
 * [lua_max_running_timers](#lua_max_running_timers)
+* [lua_sa_restart](#lua_sa_restart)
 
 
 The basic building blocks of scripting Nginx with Lua are directives. Directives are used to specify when the user Lua code is run and
@@ -1074,6 +1082,38 @@ how the result will be used. Below is a diagram showing the order in which direc
 
 [Back to TOC](#table-of-contents)
 
+lua_load_resty_core
+-------------------
+
+**syntax:** *lua_load_resty_core on|off*
+
+**default:** *lua_load_resty_core on*
+
+**context:** *http*
+
+Controls whether the `resty.core` module (from
+[lua-resty-core](https://github.com/openresty/lua-resty-core)) should be loaded
+or not. When enabled, this directive is equivalent to executing the following
+when the Lua VM is created:
+
+```lua
+
+ require "resty.core"
+```
+
+Note that usage of the `resty.core` module is recommended, as its
+FFI implementation is both faster, safer, and more complete than the Lua C API
+of the ngx_lua module.
+
+It must also be noted that the Lua C API of the ngx_lua module will eventually
+be removed, and usage of the FFI-based API (i.e. the `resty.core`
+module) will become mandatory. This directive only aims at providing a
+temporary backwards-compatibility mode in case of edge-cases.
+
+This directive was first introduced in the `v0.10.15` release.
+
+[Back to TOC](#directives)
+
 lua_capture_error_log
 ---------------------
 **syntax:** *lua_capture_error_log size*
@@ -2583,15 +2623,18 @@ But do not forget to comment this line out before publishing your site to the wo
 If you are using the [official pre-built packages](http://openresty.org/en/linux-packages.html) for [OpenResty](https://openresty.org/)
 1.11.2.1 or later, then everything should work out of the box.
 
-If you are using OpenSSL libraries not provided by [OpenResty](https://openresty.org),
-then you need to apply the following patch for OpenSSL 1.0.2h or later:
+If you are not using one of the [OpenSSL
+packages](https://openresty.org/en/linux-packages.html) provided by
+[OpenResty](https://openresty.org), you will need to apply patches to OpenSSL
+1.0.2, up to (and including) 1.1.0:
 
-<https://github.com/openresty/openresty/blob/master/patches/openssl-1.0.2h-sess_set_get_cb_yield.patch>
+<https://openresty.org/en/openssl-patches.html>
 
-If you are not using the NGINX core shipped with [OpenResty](https://openresty.org) 1.11.2.1 or later, then you need to
-apply the following patch to the standard NGINX core 1.11.2 or later:
+Similarly, if you are not using the NGINX core shipped with
+[OpenResty](https://openresty.org) 1.11.2.1 or later, you will need to apply
+patches to the standard NGINX core:
 
-<http://openresty.org/download/nginx-1.11.2-nonblocking_ssl_handshake_hooks.patch>
+<https://openresty.org/en/nginx-ssl-patches.html>
 
 This directive was first introduced in the `v0.10.6` release.
 
@@ -3069,6 +3112,23 @@ This directive was first introduced in the `v0.8.0` release.
 
 [Back to TOC](#directives)
 
+lua_sa_restart
+--------------
+
+**syntax:** *lua_sa_restart on|off*
+
+**default:** *lua_sa_restart on*
+
+**context:** *http*
+
+When enabled, this module will set the `SA_RESTART` flag on nginx workers signal dispositions.
+
+This allows Lua I/O primitives to not be interrupted by nginx's handling of various signals.
+
+This directive was first introduced in the `v0.10.14` release.
+
+[Back to TOC](#directives)
+
 Nginx API for Lua
 =================
 
@@ -4264,7 +4324,7 @@ ngx.req.get_method
 ------------------
 **syntax:** *method_name = ngx.req.get_method()*
 
-**context:** *set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, header_filter_by_lua&#42;, balancer_by_lua&#42;*
+**context:** *set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, header_filter_by_lua&#42;, body_filter_by_lua&#42;, balancer_by_lua&#42;, log_by_lua&#42;*
 
 Retrieves the current request's request method name. Strings like `"GET"` and `"POST"` are returned instead of numerical [method constants](#http-method-constants).
 
@@ -6683,7 +6743,7 @@ ngx.shared.DICT.flush_expired
 
 Flushes out the expired items in the dictionary, up to the maximal number specified by the optional `max_count` argument. When the `max_count` argument is given `0` or not given at all, then it means unlimited. Returns the number of items that have actually been flushed.
 
-Unlike the [flush_all](#ngxshareddictflush_all) method, this method actually free up the memory used by the expired items.
+Unlike the [flush_all](#ngxshareddictflush_all) method, this method actually frees up the memory used by the expired items.
 
 This feature was first introduced in the `v0.6.3` release.
 
@@ -7073,6 +7133,43 @@ An optional Lua table can be specified as the last argument to this method to sp
 * `pool`
 	specify a custom name for the connection pool being used. If omitted, then the connection pool name will be generated from the string template `"<host>:<port>"` or `"<unix-socket-path>"`.
 
+* `pool_size`
+	specify the size of the connection pool. If omitted and no
+	`backlog` option was provided, no pool will be created. If omitted
+	but `backlog` was provided, the pool will be created with a default
+	size equal to the value of the [lua_socket_pool_size](#lua_socket_pool_size)
+	directive.
+	The connection pool holds up to `pool_size` alive connections
+	ready to be reused by subsequent calls to [connect](#tcpsockconnect), but
+	note that there is no upper limit to the total number of opened connections
+	outside of the pool. If you need to restrict the total number of opened
+	connections, specify the `backlog` option.
+	When the connection pool would exceed its size limit, the least recently used
+	(kept-alive) connection already in the pool will be closed to make room for
+	the current connection.
+	Note that the cosocket connection pool is per Nginx worker process rather
+	than per Nginx server instance, so the size limit specified here also applies
+	to every single Nginx worker process. Also note that the size of the connection
+	pool cannot be changed once it has been created.
+	This option was first introduced in the `v0.10.14` release.
+
+* `backlog`
+	if specified, this module will limit the total number of opened connections
+	for this pool. No more connections than `pool_size` can be opened
+	for this pool at any time. If the connection pool is full, subsequent
+	connect operations will be queued into a queue equal to this option's
+	value (the "backlog" queue).
+	If the number of queued connect operations is equal to `backlog`,
+	subsequent connect operations will fail and return `nil` plus the
+	error string `"too many waiting connect operations"`.
+	The queued connect operations will be resumed once the number of connections
+	in the pool is less than `pool_size`.
+	The queued connect operation will abort once they have been queued for more
+	than `connect_timeout`, controlled by
+	[settimeouts](#tcpsocksettimeouts), and will return `nil` plus
+	the error string `"timeout"`.
+	This option was first introduced in the `v0.10.14` release.
+
 The support for the options table argument was first introduced in the `v0.5.7` release.
 
 This method was first introduced in the `v0.5.0rc1` release.
@@ -7218,7 +7315,7 @@ Timeout for the reading operation is controlled by the [lua_socket_read_timeout]
 ```lua
 
  sock:settimeouts(1000, 1000, 1000)  -- one second timeout for connect/read/write
- local data, err = sock:receiveany(10 * 1024 * 1024) -- read any data, at most 10K
+ local data, err = sock:receiveany(10 * 1024) -- read any data, at most 10K
  if not data then
      ngx.say("failed to read any data: ", err)
      return
@@ -7404,13 +7501,31 @@ Puts the current socket's connection immediately into the cosocket built-in conn
 
 The first optional argument, `timeout`, can be used to specify the maximal idle timeout (in milliseconds) for the current connection. If omitted, the default setting in the [lua_socket_keepalive_timeout](#lua_socket_keepalive_timeout) config directive will be used. If the `0` value is given, then the timeout interval is unlimited.
 
-The second optional argument, `size`, can be used to specify the maximal number of connections allowed in the connection pool for the current server (i.e., the current host-port pair or the unix domain socket file path). Note that the size of the connection pool cannot be changed once the pool is created. When this argument is omitted, the default setting in the [lua_socket_pool_size](#lua_socket_pool_size) config directive will be used.
-
-When the connection pool exceeds the available size limit, the least recently used (idle) connection already in the pool will be closed to make room for the current connection.
-
-Note that the cosocket connection pool is per Nginx worker process rather than per Nginx server instance, so the size limit specified here also applies to every single Nginx worker process.
-
-Idle connections in the pool will be monitored for any exceptional events like connection abortion or unexpected incoming data on the line, in which cases the connection in question will be closed and removed from the pool.
+The second optional argument `size` is considered deprecated since
+the `v0.10.14` release of this module, in favor of the
+`pool_size` option of the [connect](#tcpsockconnect) method.
+Since the `v0.10.14` release, this option will only take effect if
+the call to [connect](#tcpsockconnect) did not already create a connection
+pool.
+When this option takes effect (no connection pool was previously created by
+[connect](#tcpsockconnect)), it will specify the size of the connection pool,
+and create it.
+If omitted (and no pool was previously created), the default size is the value
+of the [lua_socket_pool_size](#lua_socket_pool_size) directive.
+The connection pool holds up to `size` alive connections ready to be
+reused by subsequent calls to [connect](#tcpsockconnect), but note that there
+is no upper limit to the total number of opened connections outside of the
+pool.
+When the connection pool would exceed its size limit, the least recently used
+(kept-alive) connection already in the pool will be closed to make room for
+the current connection.
+Note that the cosocket connection pool is per Nginx worker process rather
+than per Nginx server instance, so the size limit specified here also applies
+to every single Nginx worker process. Also note that the size of the connection
+pool cannot be changed once it has been created.
+If you need to restrict the total number of opened connections, specify both
+the `pool_size` and `backlog` option in the call to
+[connect](#tcpsockconnect).
 
 In case of success, this method returns `1`; otherwise, it returns `nil` and a string describing the error.
 

config

@@ -362,6 +362,7 @@ HTTP_LUA_SRCS=" \
             $ngx_addon_dir/src/ngx_http_lua_ssl.c \
             $ngx_addon_dir/src/ngx_http_lua_log_ringbuf.c \
             $ngx_addon_dir/src/ngx_http_lua_input_filters.c \
+            $ngx_addon_dir/src/ngx_http_lua_pipe.c \
             "
 
 HTTP_LUA_DEPS=" \
@@ -424,6 +425,7 @@ HTTP_LUA_DEPS=" \
             $ngx_addon_dir/src/ngx_http_lua_ssl.h \
             $ngx_addon_dir/src/ngx_http_lua_log_ringbuf.h \
             $ngx_addon_dir/src/ngx_http_lua_input_filters.h \
+            $ngx_addon_dir/src/ngx_http_lua_pipe.h \
             "
 
 CFLAGS="$CFLAGS -DNDK_SET_VAR"
@@ -476,6 +478,17 @@ ngx_feature_test='setsockopt(1, SOL_SOCKET, SO_PASSCRED, NULL, 0);'
 
 . auto/feature
 
+ngx_feature="SA_RESTART"
+ngx_feature_libs=
+ngx_feature_name="NGX_HTTP_LUA_HAVE_SA_RESTART"
+ngx_feature_run=no
+ngx_feature_incs="#include <signal.h>"
+ngx_feature_path=
+ngx_feature_test='struct sigaction act;
+                  act.sa_flags |= SA_RESTART;'
+
+. auto/feature
+
 ngx_feature="__attribute__(constructor)"
 ngx_feature_libs=
 ngx_feature_name="NGX_HTTP_LUA_HAVE_CONSTRUCTOR"
@@ -514,6 +527,51 @@ CC_TEST_FLAGS="$SAVED_CC_TEST_FLAGS"
 
 # ----------------------------------------
 
+ngx_feature="pipe2"
+ngx_feature_libs=
+ngx_feature_name="NGX_HTTP_LUA_HAVE_PIPE2"
+ngx_feature_run=no
+ngx_feature_incs="#include <fcntl.h>"
+ngx_feature_test="int fd[2]; pipe2(fd, O_CLOEXEC|O_NONBLOCK);"
+SAVED_CC_TEST_FLAGS="$CC_TEST_FLAGS"
+CC_TEST_FLAGS="-Werror -Wall $CC_TEST_FLAGS"
+
+. auto/feature
+
+CC_TEST_FLAGS="$SAVED_CC_TEST_FLAGS"
+
+# ----------------------------------------
+
+ngx_feature="signalfd"
+ngx_feature_libs=
+ngx_feature_name="NGX_HTTP_LUA_HAVE_SIGNALFD"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/signalfd.h>"
+ngx_feature_test="sigset_t set; signalfd(-1, &set, SFD_NONBLOCK|SFD_CLOEXEC);"
+SAVED_CC_TEST_FLAGS="$CC_TEST_FLAGS"
+CC_TEST_FLAGS="-Werror -Wall $CC_TEST_FLAGS"
+
+. auto/feature
+
+CC_TEST_FLAGS="$SAVED_CC_TEST_FLAGS"
+
+# ----------------------------------------
+
+ngx_feature="execvpe"
+ngx_feature_libs=
+ngx_feature_name="NGX_HTTP_LUA_HAVE_EXECVPE"
+ngx_feature_run=no
+ngx_feature_incs=
+ngx_feature_test='char* argv[] = {"/bin/sh"};execvpe("/bin/sh", argv, NULL);'
+SAVED_CC_TEST_FLAGS="$CC_TEST_FLAGS"
+CC_TEST_FLAGS="-Werror -Wall $CC_TEST_FLAGS"
+
+. auto/feature
+
+CC_TEST_FLAGS="$SAVED_CC_TEST_FLAGS"
+
+# ----------------------------------------
+
 if test -n "$ngx_module_link"; then
     ngx_module_type=HTTP_AUX_FILTER
     ngx_module_name=$ngx_addon_name