Changes with nginx 1.4.2 17 Jul 2013v1.4.2

*) Bugfix: the $r->header_in() embedded perl method did not return value
of the "Cookie" and "X-Forwarded-For" request header lines; the bug
had appeared in 1.3.14.

*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
without ngx_http_ssl_module; the bug had appeared in 1.3.14.

*) Bugfix: in the "proxy_set_body" directive.
Thanks to Lanshun Zhou.

*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
"upstream" context might not work if "max_fails" parameter was used;
the bug had appeared in 1.3.0.

*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used.
Thanks to Piotr Sikora.

*) Bugfix: nginx/Windows might stop accepting connections if several
worker processes were used.

12 files changed, 107 insertions, 24 deletions

diff --git a/CHANGES b/CHANGES
index fd42b20ee..bbc3eb931 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,28 @@
 
+Changes with nginx 1.4.2                                         17 Jul 2013
+
+    *) Bugfix: the $r->header_in() embedded perl method did not return value
+       of the "Cookie" and "X-Forwarded-For" request header lines; the bug
+       had appeared in 1.3.14.
+
+    *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
+       without ngx_http_ssl_module; the bug had appeared in 1.3.14.
+
+    *) Bugfix: in the "proxy_set_body" directive.
+       Thanks to Lanshun Zhou.
+
+    *) Bugfix: the "fail_timeout" parameter of the "server" directive in the
+       "upstream" context might not work if "max_fails" parameter was used;
+       the bug had appeared in 1.3.0.
+
+    *) Bugfix: a segmentation fault might occur in a worker process if the
+       "ssl_stapling" directive was used.
+       Thanks to Piotr Sikora.
+
+    *) Bugfix: nginx/Windows might stop accepting connections if several
+       worker processes were used.
+
+
 Changes with nginx 1.4.1                                         07 May 2013
 
     *) Security: a stack-based buffer overflow might occur in a worker
diff --git a/CHANGES.ru b/CHANGES.ru
index 12856d8ea..18f1371c3 100644
--- a/CHANGES.ru
+++ b/CHANGES.ru
@@ -1,4 +1,28 @@
 
+Изменения в nginx 1.4.2                                           17.07.2013
+
+    *) Исправление: метод $r->header_in() встроенного перла не возвращал
+       значения строк "Cookie" и "X-Forwarded-For" из заголовка запроса;
+       ошибка появилась в 1.3.14.
+
+    *) Исправление: nginx не собирался с модулем ngx_mail_ssl_module, но без
+       модуля ngx_http_ssl_module; ошибка появилась в 1.3.14.
+
+    *) Исправление: в директиве proxy_set_body.
+       Спасибо Lanshun Zhou.
+
+    *) Исправление: параметр fail_timeout директивы server в блоке upstream
+       мог не работать, если использовался параметр max_fails; ошибка
+       появилась в 1.3.0.
+
+    *) Исправление: в рабочем процессе мог произойти segmentation fault,
+       если использовалась директива ssl_stapling.
+       Спасибо Piotr Sikora.
+
+    *) Исправление: nginx/Windows мог перестать принимать соединения, если
+       использовалось несколько рабочих процессов.
+
+
 Изменения в nginx 1.4.1                                           07.05.2013
 
     *) Безопасность: при обработке специально созданного запроса мог
diff --git a/src/core/nginx.h b/src/core/nginx.h
index 6b97454f2..b1107adea 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1004001
-#define NGINX_VERSION      "1.4.1"
+#define nginx_version      1004002
+#define NGINX_VERSION      "1.4.2"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
index b7205f45b..c4c61204b 100644
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -607,6 +607,17 @@ ngx_event_process_init(ngx_cycle_t *cycle)
         ngx_use_accept_mutex = 0;
     }
 
+#if (NGX_WIN32)
+
+    /*
+     * disable accept mutex on win32 as it may cause deadlock if
+     * grabbed by a process which can't accept connections
+     */
+
+    ngx_use_accept_mutex = 0;
+
+#endif
+
 #if (NGX_THREADS)
     ngx_posted_events_mutex = ngx_mutex_init(cycle->log, 0);
     if (ngx_posted_events_mutex == NULL) {
diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
index aaa8d8ac4..77baeb98f 100644
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -611,15 +611,14 @@ ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx)
         != 1)
     {
         ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
-                      "certificate status not found in the OCSP response",
-                      n, OCSP_response_status_str(n));
+                      "certificate status not found in the OCSP response");
         goto error;
     }
 
     if (n != V_OCSP_CERTSTATUS_GOOD) {
         ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
                       "certificate status \"%s\" in the OCSP response",
-                      n, OCSP_cert_status_str(n));
+                      OCSP_cert_status_str(n));
         goto error;
     }
 
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index eadc8c480..5e62caa30 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -615,7 +615,8 @@ static ngx_http_variable_t  ngx_http_proxy_vars[] = {
 #endif
 
     { ngx_string("proxy_internal_body_length"), NULL,
-      ngx_http_proxy_internal_body_length_variable, 0, NGX_HTTP_VAR_NOHASH, 0 },
+      ngx_http_proxy_internal_body_length_variable, 0,
+      NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 
     { ngx_null_string, NULL, NULL, 0, 0, 0 }
 };
diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c
index 87c4d8d61..dbef95d41 100644
--- a/src/http/modules/ngx_http_upstream_least_conn_module.c
+++ b/src/http/modules/ngx_http_upstream_least_conn_module.c
@@ -282,7 +282,10 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data)
     }
 
     best->current_weight -= total;
-    best->checked = now;
+
+    if (now - best->checked > best->fail_timeout) {
+        best->checked = now;
+    }
 
     pc->sockaddr = best->sockaddr;
     pc->socklen = best->socklen;
diff --git a/src/http/modules/perl/nginx.xs b/src/http/modules/perl/nginx.xs
index bbfef079c..77fb65373 100644
--- a/src/http/modules/perl/nginx.xs
+++ b/src/http/modules/perl/nginx.xs
@@ -222,10 +222,11 @@ header_in(r, key)
     dXSTARG;
     ngx_http_request_t         *r;
     SV                         *key;
-    u_char                     *p, *lowcase_key, *cookie;
+    u_char                     *p, *lowcase_key, *value, sep;
     STRLEN                      len;
     ssize_t                     size;
     ngx_uint_t                  i, n, hash;
+    ngx_array_t                *a;
     ngx_list_part_t            *part;
     ngx_table_elt_t            *h, **ph;
     ngx_http_header_t          *hh;
@@ -255,6 +256,19 @@ header_in(r, key)
     hh = ngx_hash_find(&cmcf->headers_in_hash, hash, lowcase_key, len);
 
     if (hh) {
+
+        if (hh->offset == offsetof(ngx_http_headers_in_t, cookies)) {
+            sep = ';';
+            goto multi;
+        }
+
+    #if (NGX_HTTP_X_FORWARDED_FOR)
+        if (hh->offset == offsetof(ngx_http_headers_in_t, x_forwarded_for)) {
+            sep = ',';
+            goto multi;
+        }
+    #endif
+
         if (hh->offset) {
 
             ph = (ngx_table_elt_t **) ((char *) &r->headers_in + hh->offset);
@@ -268,15 +282,19 @@ header_in(r, key)
             XSRETURN_UNDEF;
         }
 
-        /* Cookie */
+    multi:
+
+        /* Cookie, X-Forwarded-For */
 
-        n = r->headers_in.cookies.nelts;
+        a = (ngx_array_t *) ((char *) &r->headers_in + hh->offset);
+
+        n = a->nelts;
 
         if (n == 0) {
             XSRETURN_UNDEF;
         }
 
-        ph = r->headers_in.cookies.elts;
+        ph = a->elts;
 
         if (n == 1) {
             ngx_http_perl_set_targ((*ph)->value.data, (*ph)->value.len);
@@ -290,12 +308,12 @@ header_in(r, key)
             size += ph[i]->value.len + sizeof("; ") - 1;
         }
 
-        cookie = ngx_pnalloc(r->pool, size);
-        if (cookie == NULL) {
+        value = ngx_pnalloc(r->pool, size);
+        if (value == NULL) {
             XSRETURN_UNDEF;
         }
 
-        p = cookie;
+        p = value;
 
         for (i = 0; /* void */ ; i++) {
             p = ngx_copy(p, ph[i]->value.data, ph[i]->value.len);
@@ -304,10 +322,10 @@ header_in(r, key)
                 break;
             }
 
-            *p++ = ';'; *p++ = ' ';
+            *p++ = sep; *p++ = ' ';
         }
 
-        ngx_http_perl_set_targ(cookie, size);
+        ngx_http_perl_set_targ(value, size);
 
         goto done;
     }
@@ -419,7 +437,7 @@ request_body(r)
 
     p = ngx_pnalloc(r->pool, len);
     if (p == NULL) {
-        return XSRETURN_UNDEF;
+        XSRETURN_UNDEF;
     }
 
     data = p;
diff --git a/src/http/ngx_http.h b/src/http/ngx_http.h
index 3d758bfd9..d4dc1bd94 100644
--- a/src/http/ngx_http.h
+++ b/src/http/ngx_http.h
@@ -89,7 +89,7 @@ ngx_int_t ngx_http_add_listen(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf,
 void ngx_http_init_connection(ngx_connection_t *c);
 void ngx_http_close_connection(ngx_connection_t *c);
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
 int ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg);
 #endif
 
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 8942deb33..c8c5d153f 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1955,7 +1955,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
 
     hc = r->http_connection;
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
 
     if (hc->ssl_servername) {
         if (hc->ssl_servername->len == host->len
@@ -1986,7 +1986,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
         return NGX_ERROR;
     }
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
 
     if (hc->ssl_servername) {
         ngx_http_ssl_srv_conf_t  *sscf;
@@ -2053,7 +2053,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c,
 
         sn = virtual_names->regex;
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
 
         if (r == NULL) {
             ngx_http_connection_t  *hc;
@@ -2085,7 +2085,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c,
             return NGX_DECLINED;
         }
 
-#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
+#endif /* NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME */
 
         for (i = 0; i < virtual_names->nregex; i++) {
 
diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
index 5c62785e2..bd842df7e 100644
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -295,7 +295,7 @@ typedef struct {
     ngx_http_addr_conf_t             *addr_conf;
     ngx_http_conf_ctx_t              *conf_ctx;
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
     ngx_str_t                        *ssl_servername;
 #if (NGX_PCRE)
     ngx_http_regex_t                 *ssl_servername_regex;
diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c
index d786ed142..e0c6c58c7 100644
--- a/src/http/ngx_http_upstream_round_robin.c
+++ b/src/http/ngx_http_upstream_round_robin.c
@@ -523,7 +523,10 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp)
     rrp->tried[n] |= m;
 
     best->current_weight -= total;
-    best->checked = now;
+
+    if (now - best->checked > best->fail_timeout) {
+        best->checked = now;
+    }
 
     return best;
 }