forked from rpms/nginx
Compare commits
No commits in common. "a8-stream-1.14" and "c8-stream-1.16" have entirely different histories.
a8-stream-
...
c8-stream-
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/nginx-1.14.1.tar.gz
|
SOURCES/nginx-1.16.1.tar.gz
|
||||||
SOURCES/poweredby.png
|
SOURCES/poweredby.png
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
a9dc8c5b055a3f0021d09c112d27422f45dd439c SOURCES/nginx-1.14.1.tar.gz
|
77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz
|
||||||
2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
|
2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
|
||||||
|
@ -1,30 +0,0 @@
|
|||||||
From f446736d4f4c5f7ae81bb8bf84fda7ce3c9d49a0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
|
|
||||||
Date: Wed, 24 Jan 2018 12:37:48 +0100
|
|
||||||
Subject: [PATCH] unix/ngx_user: Apply fix for really old bug in glibc libcrypt
|
|
||||||
if needed
|
|
||||||
|
|
||||||
---
|
|
||||||
src/os/unix/ngx_user.c | 6 ++++--
|
|
||||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/os/unix/ngx_user.c b/src/os/unix/ngx_user.c
|
|
||||||
index 7ebe2b57..d0fe9238 100644
|
|
||||||
--- a/src/os/unix/ngx_user.c
|
|
||||||
+++ b/src/os/unix/ngx_user.c
|
|
||||||
@@ -21,8 +21,10 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
|
|
||||||
struct crypt_data cd;
|
|
||||||
|
|
||||||
cd.initialized = 0;
|
|
||||||
-#ifdef __GLIBC__
|
|
||||||
- /* work around the glibc bug */
|
|
||||||
+#if (defined(__GLIBC__) && __GLIBC__ == 2) && \
|
|
||||||
+ (defined(__GLIBC_MINOR__) && __GLIBC_MINOR__ >= 2 && __GLIBC_MINOR__ < 4)
|
|
||||||
+ /* work around glibc-2.2.5 bug,
|
|
||||||
+ * has been fixed at some time in glibc-2.3.X */
|
|
||||||
cd.current_salt[0] = ~salt[0];
|
|
||||||
#endif
|
|
||||||
|
|
||||||
--
|
|
||||||
2.16.1
|
|
||||||
|
|
@ -7,7 +7,7 @@
|
|||||||
<style type="text/css">
|
<style type="text/css">
|
||||||
/*<![CDATA[*/
|
/*<![CDATA[*/
|
||||||
body {
|
body {
|
||||||
background-color: #FAF5F5;
|
background-color: #fff;
|
||||||
color: #000;
|
color: #000;
|
||||||
font-size: 0.9em;
|
font-size: 0.9em;
|
||||||
font-family: sans-serif,helvetica;
|
font-family: sans-serif,helvetica;
|
||||||
@ -15,19 +15,19 @@
|
|||||||
padding: 0;
|
padding: 0;
|
||||||
}
|
}
|
||||||
:link {
|
:link {
|
||||||
color: #0B2335;
|
color: #c00;
|
||||||
}
|
}
|
||||||
:visited {
|
:visited {
|
||||||
color: #0B2335;
|
color: #c00;
|
||||||
}
|
}
|
||||||
a:hover {
|
a:hover {
|
||||||
color: #0069DA;
|
color: #f50;
|
||||||
}
|
}
|
||||||
h1 {
|
h1 {
|
||||||
text-align: center;
|
text-align: center;
|
||||||
margin: 0;
|
margin: 0;
|
||||||
padding: 0.6em 2em 0.4em;
|
padding: 0.6em 2em 0.4em;
|
||||||
background-color: #0B2335;
|
background-color: #900;
|
||||||
color: #fff;
|
color: #fff;
|
||||||
font-weight: normal;
|
font-weight: normal;
|
||||||
font-size: 1.75em;
|
font-size: 1.75em;
|
||||||
@ -39,7 +39,7 @@
|
|||||||
}
|
}
|
||||||
h2 {
|
h2 {
|
||||||
text-align: center;
|
text-align: center;
|
||||||
background-color: #0B2335;
|
background-color: #900;
|
||||||
font-size: 1.1em;
|
font-size: 1.1em;
|
||||||
font-weight: bold;
|
font-weight: bold;
|
||||||
color: #fff;
|
color: #fff;
|
||||||
@ -64,7 +64,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
img {
|
img {
|
||||||
border: 2px solid #FAF5F5;
|
border: 2px solid #fff;
|
||||||
padding: 2px;
|
padding: 2px;
|
||||||
margin: 2px;
|
margin: 2px;
|
||||||
}
|
}
|
||||||
@ -92,7 +92,7 @@
|
|||||||
<p>Something has triggered missing webpage on your
|
<p>Something has triggered missing webpage on your
|
||||||
website. This is the default 404 error page for
|
website. This is the default 404 error page for
|
||||||
<strong>nginx</strong> that is distributed with
|
<strong>nginx</strong> that is distributed with
|
||||||
AlmaLinux. It is located
|
Red Hat Enterprise Linux. It is located
|
||||||
<tt>/usr/share/nginx/html/404.html</tt></p>
|
<tt>/usr/share/nginx/html/404.html</tt></p>
|
||||||
|
|
||||||
<p>You should customize this error page for your own
|
<p>You should customize this error page for your own
|
||||||
@ -100,7 +100,7 @@
|
|||||||
the <strong>nginx</strong> configuration file
|
the <strong>nginx</strong> configuration file
|
||||||
<tt>/etc/nginx/nginx.conf</tt>.</p>
|
<tt>/etc/nginx/nginx.conf</tt>.</p>
|
||||||
|
|
||||||
<p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p>
|
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -110,10 +110,10 @@
|
|||||||
src="nginx-logo.png"
|
src="nginx-logo.png"
|
||||||
alt="[ Powered by nginx ]"
|
alt="[ Powered by nginx ]"
|
||||||
width="121" height="32" /></a>
|
width="121" height="32" /></a>
|
||||||
<a href="http://www.almalinux.org/"><img
|
<a href="http://www.redhat.com/"><img
|
||||||
src="poweredby.png"
|
src="poweredby.png"
|
||||||
alt="[ Powered by AlmaLinux ]"
|
alt="[ Powered by Red Hat Enterprise Linux ]"
|
||||||
width="124" height="32" /></a>
|
width="88" height="31" /></a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
<style type="text/css">
|
<style type="text/css">
|
||||||
/*<![CDATA[*/
|
/*<![CDATA[*/
|
||||||
body {
|
body {
|
||||||
background-color: #FAF5F5;
|
background-color: #fff;
|
||||||
color: #000;
|
color: #000;
|
||||||
font-size: 0.9em;
|
font-size: 0.9em;
|
||||||
font-family: sans-serif,helvetica;
|
font-family: sans-serif,helvetica;
|
||||||
@ -15,19 +15,19 @@
|
|||||||
padding: 0;
|
padding: 0;
|
||||||
}
|
}
|
||||||
:link {
|
:link {
|
||||||
color: #0B2335;
|
color: #c00;
|
||||||
}
|
}
|
||||||
:visited {
|
:visited {
|
||||||
color: #0B2335;
|
color: #c00;
|
||||||
}
|
}
|
||||||
a:hover {
|
a:hover {
|
||||||
color: #0069DA;
|
color: #f50;
|
||||||
}
|
}
|
||||||
h1 {
|
h1 {
|
||||||
text-align: center;
|
text-align: center;
|
||||||
margin: 0;
|
margin: 0;
|
||||||
padding: 0.6em 2em 0.4em;
|
padding: 0.6em 2em 0.4em;
|
||||||
background-color: #0B2335;
|
background-color: #900;
|
||||||
color: #fff;
|
color: #fff;
|
||||||
font-weight: normal;
|
font-weight: normal;
|
||||||
font-size: 1.75em;
|
font-size: 1.75em;
|
||||||
@ -39,7 +39,7 @@
|
|||||||
}
|
}
|
||||||
h2 {
|
h2 {
|
||||||
text-align: center;
|
text-align: center;
|
||||||
background-color: #0B2335;
|
background-color: #900;
|
||||||
font-size: 1.1em;
|
font-size: 1.1em;
|
||||||
font-weight: bold;
|
font-weight: bold;
|
||||||
color: #fff;
|
color: #fff;
|
||||||
@ -64,7 +64,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
img {
|
img {
|
||||||
border: 2px solid #FAF5F5;
|
border: 2px solid #fff;
|
||||||
padding: 2px;
|
padding: 2px;
|
||||||
margin: 2px;
|
margin: 2px;
|
||||||
}
|
}
|
||||||
@ -92,7 +92,7 @@
|
|||||||
<p>Something has triggered missing webpage on your
|
<p>Something has triggered missing webpage on your
|
||||||
website. This is the default error page for
|
website. This is the default error page for
|
||||||
<strong>nginx</strong> that is distributed with
|
<strong>nginx</strong> that is distributed with
|
||||||
AlmaLinux. It is located
|
Red Hat Enterprise Linux. It is located
|
||||||
<tt>/usr/share/nginx/html/50x.html</tt></p>
|
<tt>/usr/share/nginx/html/50x.html</tt></p>
|
||||||
|
|
||||||
<p>You should customize this error page for your own
|
<p>You should customize this error page for your own
|
||||||
@ -100,7 +100,7 @@
|
|||||||
the <strong>nginx</strong> configuration file
|
the <strong>nginx</strong> configuration file
|
||||||
<tt>/etc/nginx/nginx.conf</tt>.</p>
|
<tt>/etc/nginx/nginx.conf</tt>.</p>
|
||||||
|
|
||||||
<p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p>
|
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -110,10 +110,10 @@
|
|||||||
src="nginx-logo.png"
|
src="nginx-logo.png"
|
||||||
alt="[ Powered by nginx ]"
|
alt="[ Powered by nginx ]"
|
||||||
width="121" height="32" /></a>
|
width="121" height="32" /></a>
|
||||||
<a href="http://www.almalinux.org/"><img
|
<a href="http://www.redhat.com/"><img
|
||||||
src="poweredby.png"
|
src="poweredby.png"
|
||||||
alt="[ Powered by AlmaLinux ]"
|
alt="[ Powered by Red Hat Enterprise Linux ]"
|
||||||
width="124" height="32" /></a>
|
width="88" height="31" /></a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
|
@ -2,12 +2,12 @@
|
|||||||
|
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
|
||||||
<head>
|
<head>
|
||||||
<title>Test Page for the Nginx HTTP Server on AlmaLinux</title>
|
<title>Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux</title>
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||||
<style type="text/css">
|
<style type="text/css">
|
||||||
/*<![CDATA[*/
|
/*<![CDATA[*/
|
||||||
body {
|
body {
|
||||||
background-color: #FAF5F5;
|
background-color: #fff;
|
||||||
color: #000;
|
color: #000;
|
||||||
font-size: 0.9em;
|
font-size: 0.9em;
|
||||||
font-family: sans-serif,helvetica;
|
font-family: sans-serif,helvetica;
|
||||||
@ -15,19 +15,19 @@
|
|||||||
padding: 0;
|
padding: 0;
|
||||||
}
|
}
|
||||||
:link {
|
:link {
|
||||||
color: #0B2335;
|
color: #c00;
|
||||||
}
|
}
|
||||||
:visited {
|
:visited {
|
||||||
color: #0B2335;
|
color: #c00;
|
||||||
}
|
}
|
||||||
a:hover {
|
a:hover {
|
||||||
color: #0069DA;
|
color: #f50;
|
||||||
}
|
}
|
||||||
h1 {
|
h1 {
|
||||||
text-align: center;
|
text-align: center;
|
||||||
margin: 0;
|
margin: 0;
|
||||||
padding: 0.6em 2em 0.4em;
|
padding: 0.6em 2em 0.4em;
|
||||||
background-color: #0B2335;
|
background-color: #900;
|
||||||
color: #fff;
|
color: #fff;
|
||||||
font-weight: normal;
|
font-weight: normal;
|
||||||
font-size: 1.75em;
|
font-size: 1.75em;
|
||||||
@ -39,7 +39,7 @@
|
|||||||
}
|
}
|
||||||
h2 {
|
h2 {
|
||||||
text-align: center;
|
text-align: center;
|
||||||
background-color: #0B2335;
|
background-color: #900;
|
||||||
font-size: 1.1em;
|
font-size: 1.1em;
|
||||||
font-weight: bold;
|
font-weight: bold;
|
||||||
color: #fff;
|
color: #fff;
|
||||||
@ -58,7 +58,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
img {
|
img {
|
||||||
border: 2px solid #FAF5F5;
|
border: 2px solid #fff;
|
||||||
padding: 2px;
|
padding: 2px;
|
||||||
margin: 2px;
|
margin: 2px;
|
||||||
}
|
}
|
||||||
@ -74,7 +74,7 @@
|
|||||||
</head>
|
</head>
|
||||||
|
|
||||||
<body>
|
<body>
|
||||||
<h1>Welcome to <strong>nginx</strong> on AlmaLinux!</h1>
|
<h1>Welcome to <strong>nginx</strong> on Red Hat Enterprise Linux!</h1>
|
||||||
|
|
||||||
<div class="content">
|
<div class="content">
|
||||||
<p>This page is used to test the proper operation of the
|
<p>This page is used to test the proper operation of the
|
||||||
@ -88,7 +88,7 @@
|
|||||||
<div class="content">
|
<div class="content">
|
||||||
<p>This is the default <tt>index.html</tt> page that
|
<p>This is the default <tt>index.html</tt> page that
|
||||||
is distributed with <strong>nginx</strong> on
|
is distributed with <strong>nginx</strong> on
|
||||||
AlmaLinux. It is located in
|
Red Hat Enterprise Linux. It is located in
|
||||||
<tt>/usr/share/nginx/html</tt>.</p>
|
<tt>/usr/share/nginx/html</tt>.</p>
|
||||||
|
|
||||||
<p>You should now put your content in a location of
|
<p>You should now put your content in a location of
|
||||||
@ -97,7 +97,7 @@
|
|||||||
configuration file
|
configuration file
|
||||||
<tt>/etc/nginx/nginx.conf</tt>.</p>
|
<tt>/etc/nginx/nginx.conf</tt>.</p>
|
||||||
|
|
||||||
<p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p>
|
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -107,10 +107,10 @@
|
|||||||
src="nginx-logo.png"
|
src="nginx-logo.png"
|
||||||
alt="[ Powered by nginx ]"
|
alt="[ Powered by nginx ]"
|
||||||
width="121" height="32" /></a>
|
width="121" height="32" /></a>
|
||||||
<a href="http://www.almalinux.org/"><img
|
<a href="http://www.redhat.com/"><img
|
||||||
src="poweredby.png"
|
src="poweredby.png"
|
||||||
alt="[ Powered by AlmaLinux ]"
|
alt="[ Powered by Red Hat Enterprise Linux ]"
|
||||||
width="124" height="32" /></a>
|
width="88" height="31" /></a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
|
@ -1,42 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Anderson Sasaki <ansasaki@redhat.com>
|
|
||||||
# Date 1533742801 -7200
|
|
||||||
# Wed Aug 08 17:40:01 2018 +0200
|
|
||||||
# Node ID ae457c9b2967da1b05aefcf1e81c099e9375c0d7
|
|
||||||
# Parent ba971deb4b447662e3c47fcc860b34d43469162a
|
|
||||||
SSL: added ENGINE_init() call before loading key.
|
|
||||||
|
|
||||||
It is necessary to call ENGINE_init() before using an OpenSSL engine
|
|
||||||
to get the engine functional reference. Without this, when
|
|
||||||
ENGINE_load_private_key() is called, the engine is still uninitialized.
|
|
||||||
|
|
||||||
diff -r ba971deb4b44 -r ae457c9b2967 src/event/ngx_event_openssl.c
|
|
||||||
--- a/src/event/ngx_event_openssl.c Tue Aug 07 02:16:07 2018 +0300
|
|
||||||
+++ b/src/event/ngx_event_openssl.c Wed Aug 08 17:40:01 2018 +0200
|
|
||||||
@@ -533,6 +533,13 @@
|
|
||||||
return NGX_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (!ENGINE_init(engine)) {
|
|
||||||
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
|
||||||
+ "ENGINE_init(\"%s\") failed", p);
|
|
||||||
+ ENGINE_free(engine);
|
|
||||||
+ return NGX_ERROR;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
*last++ = ':';
|
|
||||||
|
|
||||||
pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
|
|
||||||
@@ -540,10 +547,12 @@
|
|
||||||
if (pkey == NULL) {
|
|
||||||
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
|
||||||
"ENGINE_load_private_key(\"%s\") failed", last);
|
|
||||||
+ ENGINE_finish(engine);
|
|
||||||
ENGINE_free(engine);
|
|
||||||
return NGX_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ ENGINE_finish(engine);
|
|
||||||
ENGINE_free(engine);
|
|
||||||
|
|
||||||
if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
|
|
@ -1,70 +0,0 @@
|
|||||||
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
|
|
||||||
index 12214e1..3b7f892 100644
|
|
||||||
--- a/src/http/v2/ngx_http_v2.c
|
|
||||||
+++ b/src/http/v2/ngx_http_v2.c
|
|
||||||
@@ -4335,6 +4335,8 @@ ngx_http_v2_close_stream(ngx_http_v2_stream_t *stream, ngx_int_t rc)
|
|
||||||
*/
|
|
||||||
pool = stream->pool;
|
|
||||||
|
|
||||||
+ h2c->frames -= stream->frames;
|
|
||||||
+
|
|
||||||
ngx_http_free_request(stream->request, rc);
|
|
||||||
|
|
||||||
if (pool != h2c->state.pool) {
|
|
||||||
diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
|
|
||||||
index bec2216..715b7d3 100644
|
|
||||||
--- a/src/http/v2/ngx_http_v2.h
|
|
||||||
+++ b/src/http/v2/ngx_http_v2.h
|
|
||||||
@@ -192,6 +192,8 @@ struct ngx_http_v2_stream_s {
|
|
||||||
|
|
||||||
ngx_buf_t *preread;
|
|
||||||
|
|
||||||
+ ngx_uint_t frames;
|
|
||||||
+
|
|
||||||
ngx_http_v2_out_frame_t *free_frames;
|
|
||||||
ngx_chain_t *free_frame_headers;
|
|
||||||
ngx_chain_t *free_bufs;
|
|
||||||
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
|
|
||||||
index 029e8ec..c7ee553 100644
|
|
||||||
--- a/src/http/v2/ngx_http_v2_filter_module.c
|
|
||||||
+++ b/src/http/v2/ngx_http_v2_filter_module.c
|
|
||||||
@@ -1661,22 +1661,34 @@ static ngx_http_v2_out_frame_t *
|
|
||||||
ngx_http_v2_filter_get_data_frame(ngx_http_v2_stream_t *stream,
|
|
||||||
size_t len, ngx_chain_t *first, ngx_chain_t *last)
|
|
||||||
{
|
|
||||||
- u_char flags;
|
|
||||||
- ngx_buf_t *buf;
|
|
||||||
- ngx_chain_t *cl;
|
|
||||||
- ngx_http_v2_out_frame_t *frame;
|
|
||||||
+ u_char flags;
|
|
||||||
+ ngx_buf_t *buf;
|
|
||||||
+ ngx_chain_t *cl;
|
|
||||||
+ ngx_http_v2_out_frame_t *frame;
|
|
||||||
+ ngx_http_v2_connection_t *h2c;
|
|
||||||
|
|
||||||
frame = stream->free_frames;
|
|
||||||
+ h2c = stream->connection;
|
|
||||||
|
|
||||||
if (frame) {
|
|
||||||
stream->free_frames = frame->next;
|
|
||||||
|
|
||||||
- } else {
|
|
||||||
+ } else if (h2c->frames < 10000) {
|
|
||||||
frame = ngx_palloc(stream->request->pool,
|
|
||||||
sizeof(ngx_http_v2_out_frame_t));
|
|
||||||
if (frame == NULL) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ stream->frames++;
|
|
||||||
+ h2c->frames++;
|
|
||||||
+
|
|
||||||
+ } else {
|
|
||||||
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
|
|
||||||
+ "http2 flood detected");
|
|
||||||
+
|
|
||||||
+ h2c->connection->error = 1;
|
|
||||||
+ return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
flags = last->buf->last_buf ? NGX_HTTP_V2_END_STREAM_FLAG : 0;
|
|
@ -1,47 +0,0 @@
|
|||||||
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
|
|
||||||
index 3b7f892..0aaea47 100644
|
|
||||||
--- a/src/http/v2/ngx_http_v2.c
|
|
||||||
+++ b/src/http/v2/ngx_http_v2.c
|
|
||||||
@@ -275,6 +275,7 @@ ngx_http_v2_init(ngx_event_t *rev)
|
|
||||||
h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module);
|
|
||||||
|
|
||||||
h2c->concurrent_pushes = h2scf->concurrent_pushes;
|
|
||||||
+ h2c->priority_limit = h2scf->concurrent_streams;
|
|
||||||
|
|
||||||
h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log);
|
|
||||||
if (h2c->pool == NULL) {
|
|
||||||
@@ -1798,6 +1799,13 @@ ngx_http_v2_state_priority(ngx_http_v2_connection_t *h2c, u_char *pos,
|
|
||||||
return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (--h2c->priority_limit == 0) {
|
|
||||||
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
|
|
||||||
+ "client sent too many PRIORITY frames");
|
|
||||||
+
|
|
||||||
+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_ENHANCE_YOUR_CALM);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (end - pos < NGX_HTTP_V2_PRIORITY_SIZE) {
|
|
||||||
return ngx_http_v2_state_save(h2c, pos, end,
|
|
||||||
ngx_http_v2_state_priority);
|
|
||||||
@@ -3112,6 +3120,8 @@ ngx_http_v2_create_stream(ngx_http_v2_connection_t *h2c, ngx_uint_t push)
|
|
||||||
h2c->processing++;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ h2c->priority_limit += h2scf->concurrent_streams;
|
|
||||||
+
|
|
||||||
return stream;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
|
|
||||||
index 715b7d3..69d55d1 100644
|
|
||||||
--- a/src/http/v2/ngx_http_v2.h
|
|
||||||
+++ b/src/http/v2/ngx_http_v2.h
|
|
||||||
@@ -122,6 +122,7 @@ struct ngx_http_v2_connection_s {
|
|
||||||
ngx_uint_t processing;
|
|
||||||
ngx_uint_t frames;
|
|
||||||
ngx_uint_t idle;
|
|
||||||
+ ngx_uint_t priority_limit;
|
|
||||||
|
|
||||||
ngx_uint_t pushing;
|
|
||||||
ngx_uint_t concurrent_pushes;
|
|
@ -1,30 +0,0 @@
|
|||||||
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
|
|
||||||
index 0aaea47..fd6ecb0 100644
|
|
||||||
--- a/src/http/v2/ngx_http_v2.c
|
|
||||||
+++ b/src/http/v2/ngx_http_v2.c
|
|
||||||
@@ -1549,6 +1549,14 @@ ngx_http_v2_state_process_header(ngx_http_v2_connection_t *h2c, u_char *pos,
|
|
||||||
header->name.len = h2c->state.field_end - h2c->state.field_start;
|
|
||||||
header->name.data = h2c->state.field_start;
|
|
||||||
|
|
||||||
+ if (header->name.len == 0) {
|
|
||||||
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
|
|
||||||
+ "client sent zero header name length");
|
|
||||||
+
|
|
||||||
+ return ngx_http_v2_connection_error(h2c,
|
|
||||||
+ NGX_HTTP_V2_PROTOCOL_ERROR);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return ngx_http_v2_state_field_len(h2c, pos, end);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -3259,10 +3267,6 @@ ngx_http_v2_validate_header(ngx_http_request_t *r, ngx_http_v2_header_t *header)
|
|
||||||
ngx_uint_t i;
|
|
||||||
ngx_http_core_srv_conf_t *cscf;
|
|
||||||
|
|
||||||
- if (header->name.len == 0) {
|
|
||||||
- return NGX_ERROR;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
r->invalid_header = 0;
|
|
||||||
|
|
||||||
cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
|
|
@ -1,8 +1,8 @@
|
|||||||
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
|
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
|
||||||
index 570abd7..ac37936 100644
|
index 345914f..d23967f 100644
|
||||||
--- a/src/event/ngx_event_openssl.c
|
--- a/src/event/ngx_event_openssl.c
|
||||||
+++ b/src/event/ngx_event_openssl.c
|
+++ b/src/event/ngx_event_openssl.c
|
||||||
@@ -232,6 +232,8 @@ ngx_ssl_init(ngx_log_t *log)
|
@@ -252,6 +252,8 @@ ngx_ssl_init(ngx_log_t *log)
|
||||||
ngx_int_t
|
ngx_int_t
|
||||||
ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
|
ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
|
||||||
{
|
{
|
||||||
@ -11,34 +11,16 @@ index 570abd7..ac37936 100644
|
|||||||
ssl->ctx = SSL_CTX_new(SSLv23_method());
|
ssl->ctx = SSL_CTX_new(SSLv23_method());
|
||||||
|
|
||||||
if (ssl->ctx == NULL) {
|
if (ssl->ctx == NULL) {
|
||||||
@@ -296,39 +298,53 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
|
@@ -316,49 +318,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
|
||||||
|
|
||||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
|
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
|
||||||
|
|
||||||
-#ifdef SSL_CTRL_CLEAR_OPTIONS
|
-#if OPENSSL_VERSION_NUMBER >= 0x009080dfL
|
||||||
- /* only in 0.9.8m+ */
|
- /* only in 0.9.8m+ */
|
||||||
- SSL_CTX_clear_options(ssl->ctx,
|
- SSL_CTX_clear_options(ssl->ctx,
|
||||||
- SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
|
- SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
|
||||||
+ if (protocols){
|
-#endif
|
||||||
+#ifdef SSL_OP_NO_TLSv1_3
|
-
|
||||||
+ if (protocols & NGX_SSL_TLSv1_3) {
|
|
||||||
+ prot = TLS1_3_VERSION;
|
|
||||||
+ } else
|
|
||||||
+#endif
|
|
||||||
+#ifdef SSL_OP_NO_TLSv1_2
|
|
||||||
+ if (protocols & NGX_SSL_TLSv1_2) {
|
|
||||||
+ prot = TLS1_2_VERSION;
|
|
||||||
+ } else
|
|
||||||
+#endif
|
|
||||||
+#ifdef SSL_OP_NO_TLSv1_1
|
|
||||||
+ if (protocols & NGX_SSL_TLSv1_1) {
|
|
||||||
+ prot = TLS1_1_VERSION;
|
|
||||||
+ } else
|
|
||||||
#endif
|
|
||||||
+ if (protocols & NGX_SSL_TLSv1) {
|
|
||||||
+ prot = TLS1_VERSION;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- if (!(protocols & NGX_SSL_SSLv2)) {
|
- if (!(protocols & NGX_SSL_SSLv2)) {
|
||||||
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
|
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
|
||||||
- }
|
- }
|
||||||
@ -48,12 +30,49 @@ index 570abd7..ac37936 100644
|
|||||||
- if (!(protocols & NGX_SSL_TLSv1)) {
|
- if (!(protocols & NGX_SSL_TLSv1)) {
|
||||||
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
|
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
|
||||||
- }
|
- }
|
||||||
|
-#ifdef SSL_OP_NO_TLSv1_1
|
||||||
|
- SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
|
||||||
|
- if (!(protocols & NGX_SSL_TLSv1_1)) {
|
||||||
|
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
|
||||||
|
- }
|
||||||
|
+ if (protocols){
|
||||||
|
+#ifdef SSL_OP_NO_TLSv1_3
|
||||||
|
+ if (protocols & NGX_SSL_TLSv1_3) {
|
||||||
|
+ prot = TLS1_3_VERSION;
|
||||||
|
+ } else
|
||||||
|
#endif
|
||||||
|
#ifdef SSL_OP_NO_TLSv1_2
|
||||||
|
- SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
|
||||||
|
- if (!(protocols & NGX_SSL_TLSv1_2)) {
|
||||||
|
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
|
||||||
|
- }
|
||||||
|
+ if (protocols & NGX_SSL_TLSv1_2) {
|
||||||
|
+ prot = TLS1_2_VERSION;
|
||||||
|
+ } else
|
||||||
|
#endif
|
||||||
|
-#ifdef SSL_OP_NO_TLSv1_3
|
||||||
|
- SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
|
||||||
|
- if (!(protocols & NGX_SSL_TLSv1_3)) {
|
||||||
|
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
|
||||||
|
- }
|
||||||
|
+#ifdef SSL_OP_NO_TLSv1_1
|
||||||
|
+ if (protocols & NGX_SSL_TLSv1_1) {
|
||||||
|
+ prot = TLS1_1_VERSION;
|
||||||
|
+ } else
|
||||||
|
#endif
|
||||||
|
+ if (protocols & NGX_SSL_TLSv1) {
|
||||||
|
+ prot = TLS1_VERSION;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
+ if (prot == NGX_SSL_NO_PROT) {
|
+ if (prot == NGX_SSL_NO_PROT) {
|
||||||
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
||||||
+ "No SSL protocols available [hint: ssl_protocols]");
|
+ "No SSL protocols available [hint: ssl_protocols]");
|
||||||
+ return NGX_ERROR;
|
+ return NGX_ERROR;
|
||||||
+ }
|
+ }
|
||||||
+
|
|
||||||
|
-#ifdef SSL_CTX_set_min_proto_version
|
||||||
|
- SSL_CTX_set_min_proto_version(ssl->ctx, 0);
|
||||||
|
- SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION);
|
||||||
+ SSL_CTX_set_max_proto_version(ssl->ctx, prot);
|
+ SSL_CTX_set_max_proto_version(ssl->ctx, prot);
|
||||||
+
|
+
|
||||||
+ /* Now, we have to scan for minimal protocol version,
|
+ /* Now, we have to scan for minimal protocol version,
|
||||||
@ -62,40 +81,31 @@ index 570abd7..ac37936 100644
|
|||||||
+ if ((prot == TLS1_3_VERSION) && (protocols & NGX_SSL_TLSv1_2)) {
|
+ if ((prot == TLS1_3_VERSION) && (protocols & NGX_SSL_TLSv1_2)) {
|
||||||
+ prot = TLS1_2_VERSION;
|
+ prot = TLS1_2_VERSION;
|
||||||
+ }
|
+ }
|
||||||
+#endif
|
#endif
|
||||||
#ifdef SSL_OP_NO_TLSv1_1
|
|
||||||
- SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
|
-#ifdef TLS1_3_VERSION
|
||||||
- if (!(protocols & NGX_SSL_TLSv1_1)) {
|
- SSL_CTX_set_min_proto_version(ssl->ctx, 0);
|
||||||
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
|
- SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);
|
||||||
- }
|
+#ifdef SSL_OP_NO_TLSv1_1
|
||||||
+ if ((prot == TLS1_2_VERSION) && (protocols & NGX_SSL_TLSv1_1)) {
|
+ if ((prot == TLS1_2_VERSION) && (protocols & NGX_SSL_TLSv1_1)) {
|
||||||
+ prot = TLS1_1_VERSION;
|
+ prot = TLS1_1_VERSION;
|
||||||
+ }
|
+ }
|
||||||
#endif
|
+#endif
|
||||||
#ifdef SSL_OP_NO_TLSv1_2
|
+#ifdef SSL_OP_NO_TLSv1_2
|
||||||
- SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
|
|
||||||
- if (!(protocols & NGX_SSL_TLSv1_2)) {
|
|
||||||
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
|
|
||||||
- }
|
|
||||||
+ if ((prot == TLS1_1_VERSION) && (protocols & NGX_SSL_TLSv1)) {
|
+ if ((prot == TLS1_1_VERSION) && (protocols & NGX_SSL_TLSv1)) {
|
||||||
+ prot = TLS1_VERSION;
|
+ prot = TLS1_VERSION;
|
||||||
+ }
|
+ }
|
||||||
#endif
|
#endif
|
||||||
-#ifdef SSL_OP_NO_TLSv1_3
|
|
||||||
- SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
|
|
||||||
- if (!(protocols & NGX_SSL_TLSv1_3)) {
|
|
||||||
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
|
|
||||||
+ SSL_CTX_set_min_proto_version(ssl->ctx, prot);
|
+ SSL_CTX_set_min_proto_version(ssl->ctx, prot);
|
||||||
}
|
+ }
|
||||||
-#endif
|
|
||||||
|
|
||||||
#ifdef SSL_OP_NO_COMPRESSION
|
#ifdef SSL_OP_NO_COMPRESSION
|
||||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
|
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
|
||||||
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
|
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
|
||||||
index 623d851..6f3d7ee 100644
|
index 61da0c5..fa7ac41 100644
|
||||||
--- a/src/event/ngx_event_openssl.h
|
--- a/src/event/ngx_event_openssl.h
|
||||||
+++ b/src/event/ngx_event_openssl.h
|
+++ b/src/event/ngx_event_openssl.h
|
||||||
@@ -132,6 +132,7 @@ typedef struct {
|
@@ -145,6 +145,7 @@ typedef struct {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
@ -104,11 +114,11 @@ index 623d851..6f3d7ee 100644
|
|||||||
#define NGX_SSL_SSLv3 0x0004
|
#define NGX_SSL_SSLv3 0x0004
|
||||||
#define NGX_SSL_TLSv1 0x0008
|
#define NGX_SSL_TLSv1 0x0008
|
||||||
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
|
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
|
||||||
index 7d62176..f9ef07d 100644
|
index b3f8f47..8340a12 100644
|
||||||
--- a/src/http/modules/ngx_http_ssl_module.c
|
--- a/src/http/modules/ngx_http_ssl_module.c
|
||||||
+++ b/src/http/modules/ngx_http_ssl_module.c
|
+++ b/src/http/modules/ngx_http_ssl_module.c
|
||||||
@@ -590,8 +588,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
@@ -613,8 +613,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||||
prev->prefer_server_ciphers, 0);
|
ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
|
||||||
|
|
||||||
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
|
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
|
||||||
- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|
- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|
||||||
@ -118,10 +128,10 @@ index 7d62176..f9ef07d 100644
|
|||||||
ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
|
ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
|
||||||
NGX_SSL_BUFSIZE);
|
NGX_SSL_BUFSIZE);
|
||||||
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
|
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
|
||||||
index aebd179..50c7023 100644
|
index 5544f75..3316a4b 100644
|
||||||
--- a/src/mail/ngx_mail_ssl_module.c
|
--- a/src/mail/ngx_mail_ssl_module.c
|
||||||
+++ b/src/mail/ngx_mail_ssl_module.c
|
+++ b/src/mail/ngx_mail_ssl_module.c
|
||||||
@@ -285,8 +283,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
@@ -291,8 +291,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||||
prev->prefer_server_ciphers, 0);
|
prev->prefer_server_ciphers, 0);
|
||||||
|
|
||||||
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
|
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
|
||||||
@ -132,10 +142,10 @@ index aebd179..50c7023 100644
|
|||||||
ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
|
ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
|
||||||
ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
|
ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
|
||||||
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
|
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
|
||||||
index 3e5a1f2..c8fce57 100644
|
index ec9524e..37af046 100644
|
||||||
--- a/src/stream/ngx_stream_ssl_module.c
|
--- a/src/stream/ngx_stream_ssl_module.c
|
||||||
+++ b/src/stream/ngx_stream_ssl_module.c
|
+++ b/src/stream/ngx_stream_ssl_module.c
|
||||||
@@ -554,8 +552,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
@@ -625,8 +625,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||||
prev->prefer_server_ciphers, 0);
|
prev->prefer_server_ciphers, 0);
|
||||||
|
|
||||||
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
|
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
|
29
SOURCES/nginx-1.16.0-pkcs11.patch
Normal file
29
SOURCES/nginx-1.16.0-pkcs11.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
|
||||||
|
index 7be4fb4..ab3865a 100644
|
||||||
|
--- a/src/event/ngx_event_openssl.c
|
||||||
|
+++ b/src/event/ngx_event_openssl.c
|
||||||
|
@@ -727,16 +727,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (!ENGINE_init(engine)) {
|
||||||
|
+ *err = "ENGINE_init() failed";
|
||||||
|
+ ENGINE_free(engine);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
*last++ = ':';
|
||||||
|
|
||||||
|
pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
|
||||||
|
|
||||||
|
if (pkey == NULL) {
|
||||||
|
*err = "ENGINE_load_private_key() failed";
|
||||||
|
+ ENGINE_finish(engine);
|
||||||
|
ENGINE_free(engine);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ ENGINE_finish(engine);
|
||||||
|
ENGINE_free(engine);
|
||||||
|
|
||||||
|
return pkey;
|
@ -18,8 +18,8 @@
|
|||||||
|
|
||||||
Name: nginx
|
Name: nginx
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 1.14.1
|
Version: 1.16.1
|
||||||
Release: 9%{?dist}.alma
|
Release: 1%{?dist}
|
||||||
|
|
||||||
Summary: A high performance web server and reverse proxy server
|
Summary: A high performance web server and reverse proxy server
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -46,30 +46,18 @@ Source210: UPGRADE-NOTES-1.6-to-1.10
|
|||||||
# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
|
# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
|
||||||
Patch0: nginx-auto-cc-gcc.patch
|
Patch0: nginx-auto-cc-gcc.patch
|
||||||
|
|
||||||
# Apply fix for bug in glibc libcrypt, if needed only.
|
|
||||||
# That has been fixed some time in glibc-2.3.X and is
|
|
||||||
# not needed with libxcrypt anyways.
|
|
||||||
Patch1: 0001-unix-ngx_user-Apply-fix-for-really-old-bug-in-glibc-.patch
|
|
||||||
|
|
||||||
# downstream patch - changing logs permissions to 664 instead
|
# downstream patch - changing logs permissions to 664 instead
|
||||||
# previous 644
|
# previous 644
|
||||||
Patch2: nginx-1.14.0-logs-perm.patch
|
Patch1: nginx-1.14.0-logs-perm.patch
|
||||||
|
|
||||||
# PKCS#11 engine fix
|
# PKCS#11 engine fix
|
||||||
Patch3: nginx-1.14.0-pkcs11.patch
|
Patch2: nginx-1.16.0-pkcs11.patch
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1655530
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1655530
|
||||||
Patch4: nginx-1.14.1-perl-module-hardening.patch
|
Patch3: nginx-1.14.1-perl-module-hardening.patch
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1643647
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1643647
|
||||||
Patch5: nginx-1.14.1-enable-tls1v3-by-default.patch
|
Patch4: nginx-1.16.0-enable-tls1v3-by-default.patch
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1741860
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1735741
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1741864
|
|
||||||
Patch200: nginx-1.14.1-CVE-2019-9511.patch
|
|
||||||
Patch201: nginx-1.14.1-CVE-2019-9513.patch
|
|
||||||
Patch202: nginx-1.14.1-CVE-2019-9516.patch
|
|
||||||
|
|
||||||
%if 0%{?with_gperftools}
|
%if 0%{?with_gperftools}
|
||||||
BuildRequires: gperftools-devel
|
BuildRequires: gperftools-devel
|
||||||
@ -80,7 +68,7 @@ BuildRequires: zlib-devel
|
|||||||
|
|
||||||
Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
|
Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
%if 0%{?rhel} || 0%{?fedora} < 24
|
%if 0%{?rhel} > 0 && 0%{?rhel} < 8
|
||||||
# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
|
# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
|
||||||
Requires: nginx-all-modules = %{epoch}:%{version}-%{release}
|
Requires: nginx-all-modules = %{epoch}:%{version}-%{release}
|
||||||
%endif
|
%endif
|
||||||
@ -118,15 +106,7 @@ Requires: nginx-mod-mail = %{epoch}:%{version}-%{release}
|
|||||||
Requires: nginx-mod-stream = %{epoch}:%{version}-%{release}
|
Requires: nginx-mod-stream = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
%description all-modules
|
%description all-modules
|
||||||
%{summary}.
|
A meta package that installs all available Nginx modules.
|
||||||
%if 0%{?rhel}
|
|
||||||
The main nginx package depends on this to ease the upgrade path. After a grace
|
|
||||||
period of several months, modules will become optional.
|
|
||||||
%endif
|
|
||||||
%if 0%{?fedora} && 0%{?fedora} < 24
|
|
||||||
The main nginx package depends on this to ease the upgrade path. Starting from
|
|
||||||
Fedora 24, modules are optional.
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%package filesystem
|
%package filesystem
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -209,11 +189,6 @@ Requires: nginx
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
|
||||||
|
|
||||||
%patch200 -p1
|
|
||||||
%patch201 -p1
|
|
||||||
%patch202 -p1
|
|
||||||
|
|
||||||
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
|
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
|
||||||
|
|
||||||
@ -252,6 +227,7 @@ export DESTDIR=%{buildroot}
|
|||||||
--with-http_ssl_module \
|
--with-http_ssl_module \
|
||||||
--with-http_v2_module \
|
--with-http_v2_module \
|
||||||
--with-http_realip_module \
|
--with-http_realip_module \
|
||||||
|
--with-stream_ssl_preread_module \
|
||||||
--with-http_addition_module \
|
--with-http_addition_module \
|
||||||
--with-http_xslt_module=dynamic \
|
--with-http_xslt_module=dynamic \
|
||||||
--with-http_image_filter_module=dynamic \
|
--with-http_image_filter_module=dynamic \
|
||||||
@ -485,17 +461,24 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Apr 19 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 1:1.14.1-9.alma
|
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
|
||||||
- Debrand for AlmaLinux
|
- update to 1.16.1
|
||||||
|
- Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount
|
||||||
* Fri Aug 30 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-9
|
of data request leads to denial of service
|
||||||
- Resolves: #1744811 - CVE-2019-9511 nginx:1.14/nginx: HTTP/2: large amount of
|
- Resolves: #1745690 - CVE-2019-9513 nginx:1.16/nginx: HTTP/2: flood using
|
||||||
data request leads to denial of service
|
|
||||||
- Resolves: #1744325 - CVE-2019-9513 nginx:1.14/nginx: HTTP/2: flood using
|
|
||||||
PRIORITY frames resulting in excessive resource consumption
|
PRIORITY frames resulting in excessive resource consumption
|
||||||
- Resolves: #1745094 - CVE-2019-9516 nginx:1.14/nginx: HTTP/2: 0-length
|
- Resolves: #1745645 - CVE-2019-9516 nginx:1.16/nginx: HTTP/2: 0-length
|
||||||
headers leads to denial of service
|
headers leads to denial of service
|
||||||
|
|
||||||
|
* Wed Jun 26 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-2
|
||||||
|
- Resolves: #1718929 - ssl_protocols config option has faulty behavior
|
||||||
|
in nginx:1.16
|
||||||
|
|
||||||
|
* Mon May 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-1
|
||||||
|
- new version 1.16.0
|
||||||
|
- enable ngx_stream_ssl_preread module
|
||||||
|
- main package does NOT require all-modules package
|
||||||
|
|
||||||
* Wed Dec 12 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-8
|
* Wed Dec 12 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-8
|
||||||
- enable TLS 1.3 by default (#1643647)
|
- enable TLS 1.3 by default (#1643647)
|
||||||
- TLSv1.0 and TLSv1.1 can be enabled now (#1644746)
|
- TLSv1.0 and TLSv1.1 can be enabled now (#1644746)
|
||||||
|
Loading…
Reference in New Issue
Block a user