WEBKAOS 1.13.0

Author: andyone

SOURCES/webkaos-1.11.13-lua-build-fix.patch renamed to SOURCES/webkaos-1.13.0-lua-build-fix.patch

@@ -1,38 +1,15 @@
-What we do now:
-We use a static record size of 4K. This gives a good balance of latency and
-throughput.
-
-Optimize latency:
-By initialy sending small (1 TCP segment) sized records, we are able to avoid
-HoL blocking of the first byte. This means TTFB is sometime lower by a whole
-RTT.
-
-Optimizing throughput:
-By sending increasingly larger records later in the connection, when HoL is not
-a problem, we reduce the overhead of TLS record (29 bytes per record with
-GCM/CHACHA-POLY).
-
-Logic:
-Start each connection with small records (1369 byte default, change with
-ssl_dyn_rec_size_lo). After a given number of records (40, change with
-ssl_dyn_rec_threshold) start sending larger records (4229, ssl_dyn_rec_size_hi).
-Eventually after the same number of records, start sending the largest records
-(ssl_buffer_size).
-In case the connection idles for a given amount of time (1s,
-ssl_dyn_rec_timeout), the process repeats itself (i.e. begin sending small
-records again).
-
---- a/src/event/ngx_event_openssl.c
-+++ b/src/event/ngx_event_openssl.c
-@@ -1131,6 +1131,7 @@
+diff -urN nginx-1.13.0-orig/src/event/ngx_event_openssl.c nginx-1.13.0/src/event/ngx_event_openssl.c
+--- nginx-1.13.0-orig/src/event/ngx_event_openssl.c	2017-04-25 17:13:00.633648942 -0400
++++ nginx-1.13.0/src/event/ngx_event_openssl.c	2017-04-25 17:39:34.000000000 -0400
+@@ -1173,6 +1173,7 @@
 
      sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
      sc->buffer_size = ssl->buffer_size;
 +    sc->dyn_rec = ssl->dyn_rec;
 
      sc->session_ctx = ssl->ctx;
 
-@@ -1669,6 +1670,41 @@
+@@ -1711,6 +1712,41 @@
 
      for ( ;; ) {
 
@@ -74,7 +51,7 @@ records again).
          while (in && buf->last < buf->end && send < limit) {
              if (in->buf->last_buf || in->buf->flush) {
                  flush = 1;
-@@ -1770,6 +1806,9 @@
+@@ -1812,6 +1848,9 @@
 
      if (n > 0) {
 
@@ -84,29 +61,32 @@ records again).
          if (c->ssl->saved_read_handler) {
 
              c->read->handler = c->ssl->saved_read_handler;
---- a/src/event/ngx_event_openssl.h
-+++ b/src/event/ngx_event_openssl.h
-@@ -54,10 +54,19 @@
+diff -urN nginx-1.13.0-orig/src/event/ngx_event_openssl.h nginx-1.13.0/src/event/ngx_event_openssl.h
+--- nginx-1.13.0-orig/src/event/ngx_event_openssl.h	2017-04-25 17:13:00.634648923 -0400
++++ nginx-1.13.0/src/event/ngx_event_openssl.h	2017-04-25 17:42:03.000000000 -0400
+@@ -53,6 +53,13 @@
+ #define ngx_ssl_session_t       SSL_SESSION
  #define ngx_ssl_conn_t          SSL
 
- 
 +typedef struct {
 +    ngx_msec_t                  timeout;
 +    ngx_uint_t                  threshold;
 +    size_t                      size_lo;
 +    size_t                      size_hi;
 +} ngx_ssl_dyn_rec_t;
 +
-+
- struct ngx_ssl_s {
+ 
+ #if (OPENSSL_VERSION_NUMBER < 0x10002000L)
+ #define SSL_is_server(s)        (s)->server
+@@ -63,6 +70,7 @@
      SSL_CTX                    *ctx;
      ngx_log_t                  *log;
      size_t                      buffer_size;
 +    ngx_ssl_dyn_rec_t           dyn_rec;
  };
 
 
-@@ -80,6 +89,10 @@
+@@ -85,6 +93,10 @@
      unsigned                    no_wait_shutdown:1;
      unsigned                    no_send_shutdown:1;
      unsigned                    handshake_buffer_set:1;
@@ -117,7 +97,7 @@ records again).
  };
 
 
-@@ -89,7 +102,7 @@
+@@ -94,7 +106,7 @@
  #define NGX_SSL_DFLT_BUILTIN_SCACHE  -5
 
 
@@ -126,9 +106,10 @@ records again).
 
  typedef struct ngx_ssl_sess_id_s  ngx_ssl_sess_id_t;
 
---- a/src/http/modules/ngx_http_ssl_module.c
-+++ b/src/http/modules/ngx_http_ssl_module.c
-@@ -233,6 +233,41 @@
+diff -urN nginx-1.13.0-orig/src/http/modules/ngx_http_ssl_module.c nginx-1.13.0/src/http/modules/ngx_http_ssl_module.c
+--- nginx-1.13.0-orig/src/http/modules/ngx_http_ssl_module.c	2017-04-25 17:13:00.643648755 -0400
++++ nginx-1.13.0/src/http/modules/ngx_http_ssl_module.c	2017-04-25 17:46:13.000000000 -0400
+@@ -234,6 +234,41 @@
        offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
        NULL },
 
@@ -170,7 +151,7 @@ records again).
        ngx_null_command
  };
 
-@@ -533,6 +568,11 @@
+@@ -555,6 +590,11 @@
      sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
      sscf->stapling = NGX_CONF_UNSET;
      sscf->stapling_verify = NGX_CONF_UNSET;
@@ -182,7 +163,7 @@ records again).
 
      return sscf;
  }
-@@ -598,6 +638,20 @@
+@@ -620,6 +660,20 @@
      ngx_conf_merge_str_value(conf->stapling_responder,
                           prev->stapling_responder, "");
 
@@ -203,7 +184,7 @@ records again).
      conf->ssl.log = cf->log;
 
      if (conf->enable) {
-@@ -778,6 +832,28 @@
+@@ -800,6 +854,28 @@
 
      }
 
@@ -232,8 +213,9 @@ records again).
      return NGX_CONF_OK;
  }
 
---- a/src/http/modules/ngx_http_ssl_module.h
-+++ b/src/http/modules/ngx_http_ssl_module.h
+diff -urN nginx-1.13.0-orig/src/http/modules/ngx_http_ssl_module.h nginx-1.13.0/src/http/modules/ngx_http_ssl_module.h
+--- nginx-1.13.0-orig/src/http/modules/ngx_http_ssl_module.h	2017-04-25 17:13:00.649648644 -0400
++++ nginx-1.13.0/src/http/modules/ngx_http_ssl_module.h	2017-04-25 17:46:52.000000000 -0400
 @@ -57,6 +57,12 @@
 
      u_char                         *file;

SOURCES/webkaos-dynamic-tls-records.patch

@@ -123,7 +123,7 @@ http {
   ssl_session_timeout        5m;
   ssl_prefer_server_ciphers  on;
   ssl_dyn_rec_enable         on;
-  ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
+  ssl_protocols              TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
   ssl_dhparam                /etc/webkaos/ssl/dhparam.pem;
 
   ssl_stapling               on;

SOURCES/webkaos.conf

@@ -1,6 +1,6 @@
-diff -urN nginx-1.11.13-orig/auto/lib/openssl/make nginx-1.11.13/auto/lib/openssl/make
---- nginx-1.11.13-orig/auto/lib/openssl/make	2017-04-08 17:37:31.291426468 -0400
-+++ nginx-1.11.13/auto/lib/openssl/make	2017-04-08 17:39:20.783343726 -0400
+diff -urN nginx-1.13.0-orig/auto/lib/openssl/make nginx-1.13.0/auto/lib/openssl/make
+--- nginx-1.13.0-orig/auto/lib/openssl/make	2017-04-25 17:13:00.618649224 -0400
++++ nginx-1.13.0/auto/lib/openssl/make	2017-04-25 17:13:19.755289174 -0400
 @@ -45,18 +45,18 @@
              /*) ngx_prefix="$OPENSSL/.openssl" ;;
              *)  ngx_prefix="$PWD/$OPENSSL/.openssl" ;;
@@ -24,9 +24,9 @@ diff -urN nginx-1.11.13-orig/auto/lib/openssl/make nginx-1.11.13/auto/lib/openss
      ;;
 
  esac
-diff -urN nginx-1.11.13-orig/src/core/nginx.c nginx-1.11.13/src/core/nginx.c
---- nginx-1.11.13-orig/src/core/nginx.c	2017-04-08 17:37:31.319425061 -0400
-+++ nginx-1.11.13/src/core/nginx.c	2017-04-08 17:39:20.800343165 -0400
+diff -urN nginx-1.13.0-orig/src/core/nginx.c nginx-1.13.0/src/core/nginx.c
+--- nginx-1.13.0-orig/src/core/nginx.c	2017-04-25 17:13:00.666648328 -0400
++++ nginx-1.13.0/src/core/nginx.c	2017-04-25 17:13:19.773290501 -0400
 @@ -382,13 +382,13 @@
  static void
  ngx_show_version_info(void)
@@ -45,13 +45,13 @@ diff -urN nginx-1.11.13-orig/src/core/nginx.c nginx-1.11.13/src/core/nginx.c
              "Options:" NGX_LINEFEED
              "  -?,-h         : this help" NGX_LINEFEED
              "  -v            : show version and exit" NGX_LINEFEED
-diff -urN nginx-1.11.13-orig/src/core/nginx.h nginx-1.11.13/src/core/nginx.h
---- nginx-1.11.13-orig/src/core/nginx.h	2017-04-08 17:37:31.322424960 -0400
-+++ nginx-1.11.13/src/core/nginx.h	2017-04-08 17:40:12.000000000 -0400
+diff -urN nginx-1.13.0-orig/src/core/nginx.h nginx-1.13.0/src/core/nginx.h
+--- nginx-1.13.0-orig/src/core/nginx.h	2017-04-25 17:13:00.670648253 -0400
++++ nginx-1.13.0/src/core/nginx.h	2017-04-25 17:14:15.000000000 -0400
 @@ -11,7 +11,7 @@
 
- #define nginx_version      1011013
- #define NGINX_VERSION      "1.11.13"
+ #define nginx_version      1013000
+ #define NGINX_VERSION      "1.13.0"
 -#define NGINX_VER          "nginx/" NGINX_VERSION
 +#define NGINX_VER          "webkaos/" NGINX_VERSION
 
@@ -66,9 +66,9 @@ diff -urN nginx-1.11.13-orig/src/core/nginx.h nginx-1.11.13/src/core/nginx.h
  #define NGX_OLDPID_EXT     ".oldbin"
 
 
-diff -urN nginx-1.11.13-orig/src/core/ngx_log.c nginx-1.11.13/src/core/ngx_log.c
---- nginx-1.11.13-orig/src/core/ngx_log.c	2017-04-08 17:37:31.322424960 -0400
-+++ nginx-1.11.13/src/core/ngx_log.c	2017-04-08 17:39:20.823342523 -0400
+diff -urN nginx-1.13.0-orig/src/core/ngx_log.c nginx-1.13.0/src/core/ngx_log.c
+--- nginx-1.13.0-orig/src/core/ngx_log.c	2017-04-25 17:13:00.669648272 -0400
++++ nginx-1.13.0/src/core/ngx_log.c	2017-04-25 17:13:19.816292375 -0400
 @@ -202,9 +202,9 @@
          return;
      }
@@ -99,9 +99,9 @@ diff -urN nginx-1.11.13-orig/src/core/ngx_log.c nginx-1.11.13/src/core/ngx_log.c
          return NGX_CONF_ERROR;
  #endif
 
-diff -urN nginx-1.11.13-orig/src/http/modules/ngx_http_autoindex_module.c nginx-1.11.13/src/http/modules/ngx_http_autoindex_module.c
---- nginx-1.11.13-orig/src/http/modules/ngx_http_autoindex_module.c	2017-04-08 17:37:31.310425424 -0400
-+++ nginx-1.11.13/src/http/modules/ngx_http_autoindex_module.c	2017-04-08 17:39:20.838342106 -0400
+diff -urN nginx-1.13.0-orig/src/http/modules/ngx_http_autoindex_module.c nginx-1.13.0/src/http/modules/ngx_http_autoindex_module.c
+--- nginx-1.13.0-orig/src/http/modules/ngx_http_autoindex_module.c	2017-04-25 17:13:00.646648701 -0400
++++ nginx-1.13.0/src/http/modules/ngx_http_autoindex_module.c	2017-04-25 17:13:19.836292484 -0400
 @@ -445,9 +445,11 @@
      ;
 
@@ -177,9 +177,9 @@ diff -urN nginx-1.11.13-orig/src/http/modules/ngx_http_autoindex_module.c nginx-
                                tm.ngx_tm_mday,
                                months[tm.ngx_tm_mon - 1],
                                tm.ngx_tm_year,
-diff -urN nginx-1.11.13-orig/src/http/ngx_http_header_filter_module.c nginx-1.11.13/src/http/ngx_http_header_filter_module.c
---- nginx-1.11.13-orig/src/http/ngx_http_header_filter_module.c	2017-04-08 17:37:31.314425259 -0400
-+++ nginx-1.11.13/src/http/ngx_http_header_filter_module.c	2017-04-08 17:48:03.000000000 -0400
+diff -urN nginx-1.13.0-orig/src/http/ngx_http_header_filter_module.c nginx-1.13.0/src/http/ngx_http_header_filter_module.c
+--- nginx-1.13.0-orig/src/http/ngx_http_header_filter_module.c	2017-04-25 17:13:00.655648533 -0400
++++ nginx-1.13.0/src/http/ngx_http_header_filter_module.c	2017-04-25 17:18:05.000000000 -0400
 @@ -46,7 +46,7 @@
  };
 
@@ -189,7 +189,7 @@ diff -urN nginx-1.11.13-orig/src/http/ngx_http_header_filter_module.c nginx-1.11
  static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
  static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;
 
-@@ -109,8 +109,30 @@
+@@ -110,8 +110,30 @@
      ngx_null_string,  /* "427 unused" */
      ngx_null_string,  /* "428 Precondition Required" */
      ngx_string("429 Too Many Requests"),
@@ -221,9 +221,9 @@ diff -urN nginx-1.11.13-orig/src/http/ngx_http_header_filter_module.c nginx-1.11
  #define NGX_HTTP_OFF_5XX   (NGX_HTTP_LAST_4XX - 400 + NGX_HTTP_OFF_4XX)
 
      ngx_string("500 Internal Server Error"),
-diff -urN nginx-1.11.13-orig/src/http/ngx_http_special_response.c nginx-1.11.13/src/http/ngx_http_special_response.c
---- nginx-1.11.13-orig/src/http/ngx_http_special_response.c	2017-04-08 17:37:31.315425217 -0400
-+++ nginx-1.11.13/src/http/ngx_http_special_response.c	2017-04-08 17:49:28.000000000 -0400
+diff -urN nginx-1.13.0-orig/src/http/ngx_http_special_response.c nginx-1.13.0/src/http/ngx_http_special_response.c
+--- nginx-1.13.0-orig/src/http/ngx_http_special_response.c	2017-04-25 17:13:00.657648495 -0400
++++ nginx-1.13.0/src/http/ngx_http_special_response.c	2017-04-25 17:22:31.000000000 -0400
 @@ -19,21 +19,21 @@
 
 
@@ -249,7 +249,7 @@ diff -urN nginx-1.11.13-orig/src/http/ngx_http_special_response.c nginx-1.11.13/
  "</body>" CRLF
  "</html>" CRLF
  ;
-@@ -59,265 +59,302 @@
+@@ -59,273 +59,311 @@
 
  static char ngx_http_error_301_page[] =
  "<html>" CRLF
@@ -299,6 +299,18 @@ diff -urN nginx-1.11.13-orig/src/http/ngx_http_special_response.c nginx-1.11.13/
  ;
 
 
+ static char ngx_http_error_308_page[] =
+ "<html>" CRLF
+-"<head><title>308 Permanent Redirect</title></head>" CRLF
+-"<body bgcolor=\"white\">" CRLF
+-"<center><h1>308 Permanent Redirect</h1></center>" CRLF
++"<head><title>308 Permanent Redirect</title>" CRLF
++"<style>html,body{background-color:#EEE;color:#AAA;font:100 1em/1em 'Segoe UI Light','Open Sans Light','Open Sans','Segoe UI','Helvetica Neue',Helvetica,Trebuchet,sans-serif;height:100%;margin:0;text-align:center}body:after{content:'';display:inline-block;height:100%;vertical-align:middle}div{display:inline-block}h1,h3{color:#333;font-weight:100}</style></head>" CRLF
++"<body>" CRLF
++"<div><h1>308 Permanent Redirect</h1>" CRLF
+ ;
+ 
+ 
  static char ngx_http_error_400_page[] =
  "<html>" CRLF
 -"<head><title>400 Bad Request</title></head>" CRLF
@@ -656,7 +668,7 @@ diff -urN nginx-1.11.13-orig/src/http/ngx_http_special_response.c nginx-1.11.13/
  ;
 
 
-@@ -370,8 +407,30 @@
+@@ -379,8 +417,30 @@
      ngx_null_string,                     /* 427 */
      ngx_null_string,                     /* 428 */
      ngx_string(ngx_http_error_429_page),
@@ -688,9 +700,9 @@ diff -urN nginx-1.11.13-orig/src/http/ngx_http_special_response.c nginx-1.11.13/
  #define NGX_HTTP_OFF_5XX   (NGX_HTTP_LAST_4XX - 400 + NGX_HTTP_OFF_4XX)
 
      ngx_string(ngx_http_error_494_page), /* 494, request header too large */
-diff -urN nginx-1.11.13-orig/src/http/v2/ngx_http_v2_filter_module.c nginx-1.11.13/src/http/v2/ngx_http_v2_filter_module.c
---- nginx-1.11.13-orig/src/http/v2/ngx_http_v2_filter_module.c	2017-04-08 17:37:31.317425133 -0400
-+++ nginx-1.11.13/src/http/v2/ngx_http_v2_filter_module.c	2017-04-08 17:51:03.000000000 -0400
+diff -urN nginx-1.13.0-orig/src/http/v2/ngx_http_v2_filter_module.c nginx-1.13.0/src/http/v2/ngx_http_v2_filter_module.c
+--- nginx-1.13.0-orig/src/http/v2/ngx_http_v2_filter_module.c	2017-04-25 17:13:00.660648440 -0400
++++ nginx-1.13.0/src/http/v2/ngx_http_v2_filter_module.c	2017-04-25 17:13:19.869291927 -0400
 @@ -139,7 +139,7 @@
      ngx_http_core_srv_conf_t  *cscf;
      u_char                     addr[NGX_SOCKADDR_STRLEN];
@@ -709,9 +721,9 @@ diff -urN nginx-1.11.13-orig/src/http/v2/ngx_http_v2_filter_module.c nginx-1.11.
          }
 
          *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SERVER_INDEX);
-diff -urN nginx-1.11.13-orig/src/os/unix/ngx_setproctitle.c nginx-1.11.13/src/os/unix/ngx_setproctitle.c
---- nginx-1.11.13-orig/src/os/unix/ngx_setproctitle.c	2017-04-08 17:37:31.297426087 -0400
-+++ nginx-1.11.13/src/os/unix/ngx_setproctitle.c	2017-04-08 17:39:20.887340739 -0400
+diff -urN nginx-1.13.0-orig/src/os/unix/ngx_setproctitle.c nginx-1.13.0/src/os/unix/ngx_setproctitle.c
+--- nginx-1.13.0-orig/src/os/unix/ngx_setproctitle.c	2017-04-25 17:13:00.624649111 -0400
++++ nginx-1.13.0/src/os/unix/ngx_setproctitle.c	2017-04-25 17:13:19.883291667 -0400
 @@ -89,7 +89,7 @@
 
      ngx_os_argv[1] = NULL;

SOURCES/webkaos.patch

@@ -44,7 +44,7 @@
 %define service_name         %{name}
 %define service_home         %{_cachedir}/%{service_name}
 
-%define boring_commit        6114c3c5d4086d4a0b56c7f6eaa2ebd70d2bea93
+%define boring_commit        d617e01cfa59d11b6474380738c92ef2c0d4b09a
 %define psol_ver             1.11.33.4
 %define lua_module_ver       0.10.7
 %define mh_module_ver        0.32
@@ -59,8 +59,8 @@
 
 Summary:              Superb high performance web server
 Name:                 webkaos
-Version:              1.11.13
-Release:              1%{?dist}
+Version:              1.13.0
+Release:              0%{?dist}
 License:              2-clause BSD-like license
 Group:                System Environment/Daemons
 Vendor:               Nginx / Google / CloudFlare / ESSENTIALKAOS
@@ -581,6 +581,11 @@ rm -rf %{buildroot}
 ###############################################################################
 
 %changelog
+* Wed Apr 26 2017 Anton Novojilov <andy@essentialkaos.com> - 1.13.0-0
+- Nginx updated to 1.13.0
+- BoringSSL updated to latest version
+- TLS 1.3 enabled by default
+
 * Wed Apr 19 2017 Anton Novojilov <andy@essentialkaos.com> - 1.11.13-1
 - Added AES128-SHA to list of supported ciphers