Changes with nginx 0.8.20 14 Oct 2009v0.8.20

    *) Change: now default SSL ciphers are "HIGH:!ADH:!MD5".

    *) Bugfix: the ngx_http_autoindex_module did not show the trailing
       slash in links to a directory; the bug had appeared in 0.7.15.

    *) Bugfix: nginx did not close a log file set by the --error-log-path
       configuration option; the bug had appeared in 0.7.53.

    *) Bugfix: nginx did not treat a comma as separator in the
       "Cache-Control" backend response header line.

    *) Bugfix: nginx/Windows might not create temporary file, a cache file,
       or "proxy/fastcgi_store"d file if a worker has no enough access
       rights for top level directories.

    *) Bugfix: the "Set-Cookie" and "P3P" FastCGI response header lines
       were not hidden while caching if no "fastcgi_hide_header" directives
       were used with any parameters.

    *) Bugfix: nginx counted incorrectly disk cache size.

14 files changed, 130 insertions, 37 deletions

diff --git a/CHANGES b/CHANGES
index bf858efb9..84a9ad567 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,28 @@
 
+Changes with nginx 0.8.20                                        14 Oct 2009
+
+    *) Change: now default SSL ciphers are "HIGH:!ADH:!MD5".
+
+    *) Bugfix: the ngx_http_autoindex_module did not show the trailing 
+       slash in links to a directory; the bug had appeared in 0.7.15.
+
+    *) Bugfix: nginx did not close a log file set by the --error-log-path 
+       configuration option; the bug had appeared in 0.7.53.
+
+    *) Bugfix: nginx did not treat a comma as separator in the 
+       "Cache-Control" backend response header line.
+
+    *) Bugfix: nginx/Windows might not create temporary file, a cache file, 
+       or "proxy/fastcgi_store"d file if a worker has no enough access 
+       rights for top level directories.
+
+    *) Bugfix: the "Set-Cookie" and "P3P" FastCGI response header lines 
+       were not hidden while caching if no "fastcgi_hide_header" directives 
+       were used with any parameters.
+
+    *) Bugfix: nginx counted incorrectly disk cache size.
+
+
 Changes with nginx 0.8.19                                        06 Oct 2009
 
     *) Change: now SSLv2 protocol is disabled by default.
diff --git a/CHANGES.ru b/CHANGES.ru
index 869a60426..22b719ca1 100644
--- a/CHANGES.ru
+++ b/CHANGES.ru
@@ -1,4 +1,30 @@
 
+Изменения в nginx 0.8.20                                          14.10.2009
+
+    *) Изменение: теперь по умолчанию используются следующие шифры SSL: 
+       "HIGH:!ADH:!MD5".
+
+    *) Исправление: модуль ngx_http_autoindex_module не показывал последний 
+       слэш для линков на каталоги; ошибка появилась в 0.7.15.
+
+    *) Исправление: nginx не закрывал лог, заданный параметром конфигурации 
+       --error-log-path; ошибка появилась в 0.7.53.
+
+    *) Исправление: nginx не считал запятую разделителем в строке 
+       "Cache-Control" в строке заголовка бэкенда.
+
+    *) Исправление: nginx/Windows мог не создать временный файл, файл в 
+       кэше или файл с помощью директив proxy/fastcgi_store, если рабочий 
+       процесс не имел достаточно прав для работы с каталогами верхнего 
+       уровня.
+
+    *) Исправление: строки "Set-Cookie" и "P3P" в заголовке ответа 
+       FastCGI-сервера не скрывались при кэшировании, если не 
+       использовались директивы fastcgi_hide_header с любыми параметрами.
+
+    *) Исправление: nginx неверно считал размер кэша на диске.
+
+
 Изменения в nginx 0.8.19                                          06.10.2009
 
     *) Изменение: теперь протокол SSLv2 по умолчанию запрещён.
diff --git a/src/core/nginx.c b/src/core/nginx.c
index eaae62e4b..29eee6a99 100644
--- a/src/core/nginx.c
+++ b/src/core/nginx.c
@@ -376,6 +376,13 @@ main(int argc, char *const *argv)
         }
     }
 
+    if (log->file->fd != ngx_stderr) {
+        if (ngx_close_file(log->file->fd) == NGX_FILE_ERROR) {
+            ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
+                          ngx_close_file_n " built-in log failed");
+        }
+    }
+
     ngx_use_stderr = 0;
 
     if (ngx_process == NGX_PROCESS_SINGLE) {
diff --git a/src/core/nginx.h b/src/core/nginx.h
index c6f3711a0..9d9af6e52 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -8,8 +8,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version         8019
-#define NGINX_VERSION      "0.8.19"
+#define nginx_version         8020
+#define NGINX_VERSION      "0.8.20"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
diff --git a/src/core/ngx_file.c b/src/core/ngx_file.c
index 45bb4ca4f..54adf3485 100644
--- a/src/core/ngx_file.c
+++ b/src/core/ngx_file.c
@@ -183,7 +183,15 @@ ngx_create_full_path(u_char *dir, ngx_uint_t access)
     u_char     *p, ch;
     ngx_err_t   err;
 
-    for (p = dir + 1; *p; p++) {
+    err = 0;
+
+#if (NGX_WIN32)
+    p = dir + 3;
+#else
+    p = dir + 1;
+#endif
+
+    for ( /* void */ ; *p; p++) {
         ch = *p;
 
         if (ch != '/') {
@@ -194,7 +202,14 @@ ngx_create_full_path(u_char *dir, ngx_uint_t access)
 
         if (ngx_create_dir(dir, access) == NGX_FILE_ERROR) {
             err = ngx_errno;
-            if (err != NGX_EEXIST) {
+
+            switch (err) {
+            case NGX_EEXIST:
+                err = 0;
+            case NGX_EACCES:
+                break;
+
+            default:
                 return err;
             }
         }
@@ -202,7 +217,7 @@ ngx_create_full_path(u_char *dir, ngx_uint_t access)
         *p = '/';
     }
 
-    return 0;
+    return err;
 }
 
 
diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c
index bdc52b644..a4a62e4cc 100644
--- a/src/http/modules/ngx_http_fastcgi_module.c
+++ b/src/http/modules/ngx_http_fastcgi_module.c
@@ -523,6 +523,23 @@ static ngx_str_t  ngx_http_fastcgi_hide_headers[] = {
 };
 
 
+#if (NGX_HTTP_CACHE)
+
+static ngx_str_t  ngx_http_fastcgi_hide_cache_headers[] = {
+    ngx_string("Status"),
+    ngx_string("X-Accel-Expires"),
+    ngx_string("X-Accel-Redirect"),
+    ngx_string("X-Accel-Limit-Rate"),
+    ngx_string("X-Accel-Buffering"),
+    ngx_string("X-Accel-Charset"),
+    ngx_string("Set-Cookie"),
+    ngx_string("P3P"),
+    ngx_null_string
+};
+
+#endif
+
+
 static ngx_path_init_t  ngx_http_fastcgi_temp_path = {
     ngx_string(NGX_HTTP_FASTCGI_TEMP_PATH), { 1, 2, 0 }
 };
@@ -1899,6 +1916,7 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
     u_char                       *p;
     size_t                        size;
     uintptr_t                    *code;
+    ngx_str_t                    *h;
     ngx_uint_t                    i;
     ngx_keyval_t                 *src;
     ngx_hash_init_t               hash;
@@ -2119,10 +2137,18 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
     hash.bucket_size = ngx_align(64, ngx_cacheline_size);
     hash.name = "fastcgi_hide_headers_hash";
 
+#if (NGX_HTTP_CACHE)
+
+    h = conf->upstream.cache ? ngx_http_fastcgi_hide_cache_headers:
+                               ngx_http_fastcgi_hide_headers;
+#else
+
+    h = ngx_http_fastcgi_hide_headers;
+
+#endif
+
     if (ngx_http_upstream_hide_headers_hash(cf, &conf->upstream,
-                                            &prev->upstream,
-                                            ngx_http_fastcgi_hide_headers,
-                                            &hash)
+                                            &prev->upstream, h, &hash)
         != NGX_OK)
     {
         return NGX_CONF_ERROR;
diff --git a/src/http/modules/ngx_http_random_index_module.c b/src/http/modules/ngx_http_random_index_module.c
index bb5544ae6..7b0ec503c 100644
--- a/src/http/modules/ngx_http_random_index_module.c
+++ b/src/http/modules/ngx_http_random_index_module.c
@@ -175,7 +175,7 @@ ngx_http_random_index_handler(ngx_http_request_t *r)
 
         len = ngx_de_namelen(&dir);
 
-        if (!dir.valid_type) {
+        if (dir.type == 0 || ngx_de_is_link(&dir)) {
 
             /* 1 byte for '/' and 1 byte for terminating '\0' */
 
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 1d67eeb26..94000fc1f 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -13,7 +13,7 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
     ngx_pool_t *pool, ngx_str_t *s);
 
 
-#define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM"
+#define NGX_DEFAULT_CIPHERS  "HIGH:!ADH:!MD5"
 
 
 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm
index 6e96912e7..90d7c4a49 100644
--- a/src/http/modules/perl/nginx.pm
+++ b/src/http/modules/perl/nginx.pm
@@ -47,7 +47,7 @@ our @EXPORT = qw(
     HTTP_INSUFFICIENT_STORAGE
 );
 
-our $VERSION = '0.8.19';
+our $VERSION = '0.8.20';
 
 require XSLoader;
 XSLoader::load('nginx', $VERSION);
diff --git a/src/http/ngx_http_file_cache.c b/src/http/ngx_http_file_cache.c
index 4caca919a..0a9b761cd 100644
--- a/src/http/ngx_http_file_cache.c
+++ b/src/http/ngx_http_file_cache.c
@@ -692,7 +692,7 @@ ngx_http_file_cache_set_header(ngx_http_request_t *r, u_char *buf)
 void
 ngx_http_file_cache_update(ngx_http_request_t *r, ngx_temp_file_t *tf)
 {
-    off_t                   size;
+    off_t                   size, length;
     ngx_int_t               rc;
     ngx_file_uniq_t         uniq;
     ngx_file_info_t         fi;
@@ -714,6 +714,7 @@ ngx_http_file_cache_update(ngx_http_request_t *r, ngx_temp_file_t *tf)
     cache = c->file_cache;
 
     uniq = 0;
+    length = 0;
 
     ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "http file cache rename: \"%s\" to \"%s\"",
@@ -738,10 +739,11 @@ ngx_http_file_cache_update(ngx_http_request_t *r, ngx_temp_file_t *tf)
 
         } else {
             uniq = ngx_file_uniq(&fi);
+            length = ngx_file_size(&fi);
         }
     }
 
-    size = (c->length + cache->bsize - 1) / cache->bsize;
+    size = (length + cache->bsize - 1) / cache->bsize;
 
     ngx_shmtx_lock(&cache->shpool->mutex);
 
@@ -751,7 +753,7 @@ ngx_http_file_cache_update(ngx_http_request_t *r, ngx_temp_file_t *tf)
 
     size = size - (c->node->length + cache->bsize - 1) / cache->bsize;
 
-    c->node->length = c->length;
+    c->node->length = length;
 
     cache->sh->size += size;
 
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 1e79a4f10..b95db57a7 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -2098,11 +2098,6 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u)
             r->cache->date = now;
             r->cache->body_start = (u_short) (u->buffer.pos - u->buffer.start);
 
-            if (r->headers_out.content_length_n != -1) {
-                r->cache->length = r->cache->body_start
-                                   + r->headers_out.content_length_n;
-            }
-
             ngx_http_file_cache_set_header(r, u->buffer.start);
 
         } else {
@@ -3040,7 +3035,7 @@ ngx_http_upstream_process_cache_control(ngx_http_request_t *r,
     n = 0;
 
     for (p += 8; p < last; p++) {
-        if (*p == ';' || *p == ' ') {
+        if (*p == ',' || *p == ';' || *p == ' ') {
             break;
         }
 
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index c9a9f35d8..90f2b1b2b 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -9,7 +9,7 @@
 #include <ngx_mail.h>
 
 
-#define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM"
+#define NGX_DEFAULT_CIPHERS  "HIGH:!ADH:!MD5"
 
 
 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
diff --git a/src/os/unix/ngx_files.c b/src/os/unix/ngx_files.c
index 2154bed49..618d4e214 100644
--- a/src/os/unix/ngx_files.c
+++ b/src/os/unix/ngx_files.c
@@ -274,9 +274,8 @@ ngx_read_dir(ngx_dir_t *dir)
     if (dir->de) {
 #if (NGX_HAVE_D_TYPE)
         dir->type = dir->de->d_type;
-        dir->valid_type = dir->type ? 1 : 0;
 #else
-        dir->valid_type = 0;
+        dir->type = 0;
 #endif
         return NGX_OK;
     }
diff --git a/src/os/unix/ngx_files.h b/src/os/unix/ngx_files.h
index 832dbbe0f..9cdfeabfe 100644
--- a/src/os/unix/ngx_files.h
+++ b/src/os/unix/ngx_files.h
@@ -24,7 +24,6 @@ typedef struct {
 
     unsigned                     type:8;
     unsigned                     valid_info:1;
-    unsigned                     valid_type:1;
 } ngx_dir_t;
 
 
@@ -200,31 +199,31 @@ ngx_int_t ngx_read_dir(ngx_dir_t *dir);
 #else
 #define ngx_de_namelen(dir)      ngx_strlen((dir)->de->d_name)
 #endif
-#define ngx_de_info(name, dir)   stat((const char *) name, &(dir)->info)
+
+static ngx_inline ngx_int_t
+ngx_de_info(u_char *name, ngx_dir_t *dir)
+{
+    dir->type = 0;
+    return stat((const char *) name, &dir->info);
+}
+
 #define ngx_de_info_n            "stat()"
 #define ngx_de_link_info(name, dir)  lstat((const char *) name, &(dir)->info)
 #define ngx_de_link_info_n       "lstat()"
 
 #if (NGX_HAVE_D_TYPE)
 
-#if (NGX_LINUX)
-
-/* XFS on Linux does not set dirent.d_type */
+/*
+ * some file systems (e.g. XFS on Linux and CD9660 on FreeBSD)
+ * do not set dirent.d_type
+ */
 
 #define ngx_de_is_dir(dir)                                                   \
     (((dir)->type) ? ((dir)->type == DT_DIR) : (S_ISDIR((dir)->info.st_mode)))
 #define ngx_de_is_file(dir)                                                  \
     (((dir)->type) ? ((dir)->type == DT_REG) : (S_ISREG((dir)->info.st_mode)))
 #define ngx_de_is_link(dir)                                                  \
-    (((dir)->type) ? ((dir)->type == DT_LINK) : (S_ISLNK((dir)->info.st_mode)))
-
-#else
-
-#define ngx_de_is_dir(dir)       ((dir)->type == DT_DIR)
-#define ngx_de_is_file(dir)      ((dir)->type == DT_REG)
-#define ngx_de_is_link(dir)      ((dir)->type == DT_LINK)
-
-#endif /* NGX_LINUX */
+    (((dir)->type) ? ((dir)->type == DT_LNK) : (S_ISLNK((dir)->info.st_mode)))
 
 #else