forked from rpms/nginx
Compare commits
No commits in common. "c8-stream-1.16" and "a8-stream-1.18" have entirely different histories.
c8-stream-
...
a8-stream-
3
.gitignore
vendored
3
.gitignore
vendored
@ -1,2 +1 @@
|
||||
SOURCES/nginx-1.16.1.tar.gz
|
||||
SOURCES/poweredby.png
|
||||
SOURCES/nginx-1.18.0.tar.gz
|
||||
|
||||
@ -1,2 +1 @@
|
||||
77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz
|
||||
2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
|
||||
47b2c5ccd12e2a7088b03d629ff6b9ab18215180 SOURCES/nginx-1.18.0.tar.gz
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body {
|
||||
background-color: #fff;
|
||||
background-color: #FAF5F5;
|
||||
color: #000;
|
||||
font-size: 0.9em;
|
||||
font-family: sans-serif,helvetica;
|
||||
@ -15,19 +15,19 @@
|
||||
padding: 0;
|
||||
}
|
||||
:link {
|
||||
color: #c00;
|
||||
color: #0B2335;
|
||||
}
|
||||
:visited {
|
||||
color: #c00;
|
||||
color: #0B2335;
|
||||
}
|
||||
a:hover {
|
||||
color: #f50;
|
||||
color: #0069DA;
|
||||
}
|
||||
h1 {
|
||||
text-align: center;
|
||||
margin: 0;
|
||||
padding: 0.6em 2em 0.4em;
|
||||
background-color: #900;
|
||||
background-color: #0B2335;
|
||||
color: #fff;
|
||||
font-weight: normal;
|
||||
font-size: 1.75em;
|
||||
@ -39,7 +39,7 @@
|
||||
}
|
||||
h2 {
|
||||
text-align: center;
|
||||
background-color: #900;
|
||||
background-color: #0B2335;
|
||||
font-size: 1.1em;
|
||||
font-weight: bold;
|
||||
color: #fff;
|
||||
@ -64,7 +64,7 @@
|
||||
}
|
||||
|
||||
img {
|
||||
border: 2px solid #fff;
|
||||
border: 2px solid #FAF5F5;
|
||||
padding: 2px;
|
||||
margin: 2px;
|
||||
}
|
||||
@ -92,7 +92,7 @@
|
||||
<p>Something has triggered missing webpage on your
|
||||
website. This is the default 404 error page for
|
||||
<strong>nginx</strong> that is distributed with
|
||||
Red Hat Enterprise Linux. It is located
|
||||
AlmaLinux. It is located
|
||||
<tt>/usr/share/nginx/html/404.html</tt></p>
|
||||
|
||||
<p>You should customize this error page for your own
|
||||
@ -100,20 +100,20 @@
|
||||
the <strong>nginx</strong> configuration file
|
||||
<tt>/etc/nginx/nginx.conf</tt>.</p>
|
||||
|
||||
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
|
||||
<p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="logos">
|
||||
<a href="http://nginx.net/"><img
|
||||
src="nginx-logo.png"
|
||||
src="nginx-logo.png"
|
||||
alt="[ Powered by nginx ]"
|
||||
width="121" height="32" /></a>
|
||||
<a href="http://www.redhat.com/"><img
|
||||
<a href="http://www.almalinux.org/"><img
|
||||
src="poweredby.png"
|
||||
alt="[ Powered by Red Hat Enterprise Linux ]"
|
||||
width="88" height="31" /></a>
|
||||
alt="[ Powered by AlmaLinux ]"
|
||||
width="124" height="32" /></a>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body {
|
||||
background-color: #fff;
|
||||
background-color: #FAF5F5;
|
||||
color: #000;
|
||||
font-size: 0.9em;
|
||||
font-family: sans-serif,helvetica;
|
||||
@ -15,19 +15,19 @@
|
||||
padding: 0;
|
||||
}
|
||||
:link {
|
||||
color: #c00;
|
||||
color: #0B2335;
|
||||
}
|
||||
:visited {
|
||||
color: #c00;
|
||||
color: #0B2335;
|
||||
}
|
||||
a:hover {
|
||||
color: #f50;
|
||||
color: #0069DA;
|
||||
}
|
||||
h1 {
|
||||
text-align: center;
|
||||
margin: 0;
|
||||
padding: 0.6em 2em 0.4em;
|
||||
background-color: #900;
|
||||
background-color: #0B2335;
|
||||
color: #fff;
|
||||
font-weight: normal;
|
||||
font-size: 1.75em;
|
||||
@ -39,7 +39,7 @@
|
||||
}
|
||||
h2 {
|
||||
text-align: center;
|
||||
background-color: #900;
|
||||
background-color: #0B2335;
|
||||
font-size: 1.1em;
|
||||
font-weight: bold;
|
||||
color: #fff;
|
||||
@ -64,7 +64,7 @@
|
||||
}
|
||||
|
||||
img {
|
||||
border: 2px solid #fff;
|
||||
border: 2px solid #FAF5F5;
|
||||
padding: 2px;
|
||||
margin: 2px;
|
||||
}
|
||||
@ -92,7 +92,7 @@
|
||||
<p>Something has triggered missing webpage on your
|
||||
website. This is the default error page for
|
||||
<strong>nginx</strong> that is distributed with
|
||||
Red Hat Enterprise Linux. It is located
|
||||
AlmaLinux. It is located
|
||||
<tt>/usr/share/nginx/html/50x.html</tt></p>
|
||||
|
||||
<p>You should customize this error page for your own
|
||||
@ -100,20 +100,20 @@
|
||||
the <strong>nginx</strong> configuration file
|
||||
<tt>/etc/nginx/nginx.conf</tt>.</p>
|
||||
|
||||
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
|
||||
<p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="logos">
|
||||
<a href="http://nginx.net/"><img
|
||||
src="nginx-logo.png"
|
||||
src="nginx-logo.png"
|
||||
alt="[ Powered by nginx ]"
|
||||
width="121" height="32" /></a>
|
||||
<a href="http://www.redhat.com/"><img
|
||||
<a href="http://www.almalinux.org/"><img
|
||||
src="poweredby.png"
|
||||
alt="[ Powered by Red Hat Enterprise Linux ]"
|
||||
width="88" height="31" /></a>
|
||||
alt="[ Powered by AlmaLinux ]"
|
||||
width="124" height="32" /></a>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|
||||
@ -1,117 +0,0 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
|
||||
<head>
|
||||
<title>Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body {
|
||||
background-color: #fff;
|
||||
color: #000;
|
||||
font-size: 0.9em;
|
||||
font-family: sans-serif,helvetica;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
:link {
|
||||
color: #c00;
|
||||
}
|
||||
:visited {
|
||||
color: #c00;
|
||||
}
|
||||
a:hover {
|
||||
color: #f50;
|
||||
}
|
||||
h1 {
|
||||
text-align: center;
|
||||
margin: 0;
|
||||
padding: 0.6em 2em 0.4em;
|
||||
background-color: #900;
|
||||
color: #fff;
|
||||
font-weight: normal;
|
||||
font-size: 1.75em;
|
||||
border-bottom: 2px solid #000;
|
||||
}
|
||||
h1 strong {
|
||||
font-weight: bold;
|
||||
font-size: 1.5em;
|
||||
}
|
||||
h2 {
|
||||
text-align: center;
|
||||
background-color: #900;
|
||||
font-size: 1.1em;
|
||||
font-weight: bold;
|
||||
color: #fff;
|
||||
margin: 0;
|
||||
padding: 0.5em;
|
||||
border-bottom: 2px solid #000;
|
||||
}
|
||||
hr {
|
||||
display: none;
|
||||
}
|
||||
.content {
|
||||
padding: 1em 5em;
|
||||
}
|
||||
.alert {
|
||||
border: 2px solid #000;
|
||||
}
|
||||
|
||||
img {
|
||||
border: 2px solid #fff;
|
||||
padding: 2px;
|
||||
margin: 2px;
|
||||
}
|
||||
a:hover img {
|
||||
border: 2px solid #294172;
|
||||
}
|
||||
.logos {
|
||||
margin: 1em;
|
||||
text-align: center;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1>Welcome to <strong>nginx</strong> on Red Hat Enterprise Linux!</h1>
|
||||
|
||||
<div class="content">
|
||||
<p>This page is used to test the proper operation of the
|
||||
<strong>nginx</strong> HTTP server after it has been
|
||||
installed. If you can read this page, it means that the
|
||||
web server installed at this site is working
|
||||
properly.</p>
|
||||
|
||||
<div class="alert">
|
||||
<h2>Website Administrator</h2>
|
||||
<div class="content">
|
||||
<p>This is the default <tt>index.html</tt> page that
|
||||
is distributed with <strong>nginx</strong> on
|
||||
Red Hat Enterprise Linux. It is located in
|
||||
<tt>/usr/share/nginx/html</tt>.</p>
|
||||
|
||||
<p>You should now put your content in a location of
|
||||
your choice and edit the <tt>root</tt> configuration
|
||||
directive in the <strong>nginx</strong>
|
||||
configuration file
|
||||
<tt>/etc/nginx/nginx.conf</tt>.</p>
|
||||
|
||||
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="logos">
|
||||
<a href="http://nginx.net/"><img
|
||||
src="nginx-logo.png"
|
||||
alt="[ Powered by nginx ]"
|
||||
width="121" height="32" /></a>
|
||||
<a href="http://www.redhat.com/"><img
|
||||
src="poweredby.png"
|
||||
alt="[ Powered by Red Hat Enterprise Linux ]"
|
||||
width="88" height="31" /></a>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
24
SOURCES/nginx-1.18.0-CVE-2021-23017.patch
Normal file
24
SOURCES/nginx-1.18.0-CVE-2021-23017.patch
Normal file
@ -0,0 +1,24 @@
|
||||
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
|
||||
index e51712c..4e75ab8 100644
|
||||
--- a/src/core/ngx_resolver.c
|
||||
+++ b/src/core/ngx_resolver.c
|
||||
@@ -3993,15 +3993,15 @@ done:
|
||||
n = *src++;
|
||||
|
||||
} else {
|
||||
+ if (dst != name->data) {
|
||||
+ *dst++ = '.';
|
||||
+ }
|
||||
+
|
||||
ngx_strlow(dst, src, n);
|
||||
dst += n;
|
||||
src += n;
|
||||
|
||||
n = *src++;
|
||||
-
|
||||
- if (n != 0) {
|
||||
- *dst++ = '.';
|
||||
- }
|
||||
}
|
||||
|
||||
if (n == 0) {
|
||||
76
SOURCES/nginx-1.18.0-pkcs11-cert.patch
Normal file
76
SOURCES/nginx-1.18.0-pkcs11-cert.patch
Normal file
@ -0,0 +1,76 @@
|
||||
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
|
||||
index 0a2f260..606b6e2 100644
|
||||
--- a/src/event/ngx_event_openssl.c
|
||||
+++ b/src/event/ngx_event_openssl.c
|
||||
@@ -616,6 +616,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
|
||||
X509 *x509, *temp;
|
||||
u_long n;
|
||||
|
||||
+ if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
|
||||
+
|
||||
+#ifndef OPENSSL_NO_ENGINE
|
||||
+
|
||||
+ u_char *p, *last;
|
||||
+ ENGINE *engine;
|
||||
+
|
||||
+ p = cert->data + sizeof("engine:") - 1;
|
||||
+ last = (u_char *) ngx_strchr(p, ':');
|
||||
+
|
||||
+ if (last == NULL) {
|
||||
+ *err = "invalid syntax";
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ *last = '\0';
|
||||
+
|
||||
+ engine = ENGINE_by_id((char *) p);
|
||||
+
|
||||
+ if (engine == NULL) {
|
||||
+ *err = "ENGINE_by_id() failed";
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (!ENGINE_init(engine)) {
|
||||
+ *err = "ENGINE_init() failed";
|
||||
+ ENGINE_free(engine);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ *last++ = ':';
|
||||
+
|
||||
+ struct {
|
||||
+ const char *cert_id;
|
||||
+ X509 *cert;
|
||||
+ } params = { (char *) last, NULL };
|
||||
+
|
||||
+ if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, ¶ms, NULL, 1)) {
|
||||
+ *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
|
||||
+ ENGINE_free(engine);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ ENGINE_finish(engine);
|
||||
+ ENGINE_free(engine);
|
||||
+
|
||||
+ /* set chain to null */
|
||||
+
|
||||
+ *chain = sk_X509_new_null();
|
||||
+ if (*chain == NULL) {
|
||||
+ *err = "sk_X509_new_null() failed";
|
||||
+ X509_free(params.cert);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ return params.cert;
|
||||
+
|
||||
+#else
|
||||
+
|
||||
+ *err = "loading \"engine:...\" certificate is not supported";
|
||||
+ return NULL;
|
||||
+
|
||||
+#endif
|
||||
+ }
|
||||
+
|
||||
if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
|
||||
|
||||
bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,
|
||||
@ -25,7 +25,7 @@ http {
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
types_hash_max_size 4096;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
@ -36,17 +36,14 @@ http {
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name _;
|
||||
root /usr/share/nginx/html;
|
||||
|
||||
# Load configuration files for the default server block.
|
||||
include /etc/nginx/default.d/*.conf;
|
||||
|
||||
location / {
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
@ -59,8 +56,8 @@ http {
|
||||
# Settings for a TLS enabled server.
|
||||
#
|
||||
# server {
|
||||
# listen 443 ssl http2 default_server;
|
||||
# listen [::]:443 ssl http2 default_server;
|
||||
# listen 443 ssl http2;
|
||||
# listen [::]:443 ssl http2;
|
||||
# server_name _;
|
||||
# root /usr/share/nginx/html;
|
||||
#
|
||||
@ -74,9 +71,6 @@ http {
|
||||
# # Load configuration files for the default server block.
|
||||
# include /etc/nginx/default.d/*.conf;
|
||||
#
|
||||
# location / {
|
||||
# }
|
||||
#
|
||||
# error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
# }
|
||||
|
||||
@ -18,8 +18,8 @@
|
||||
|
||||
Name: nginx
|
||||
Epoch: 1
|
||||
Version: 1.16.1
|
||||
Release: 1%{?dist}
|
||||
Version: 1.18.0
|
||||
Release: 3%{?dist}.1.alma
|
||||
|
||||
Summary: A high performance web server and reverse proxy server
|
||||
Group: System Environment/Daemons
|
||||
@ -34,8 +34,6 @@ Source11: nginx.logrotate
|
||||
Source12: nginx.conf
|
||||
Source13: nginx-upgrade
|
||||
Source14: nginx-upgrade.8
|
||||
Source100: index.html
|
||||
Source101: poweredby.png
|
||||
Source102: nginx-logo.png
|
||||
Source103: 404.html
|
||||
Source104: 50x.html
|
||||
@ -59,6 +57,12 @@ Patch3: nginx-1.14.1-perl-module-hardening.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1643647
|
||||
Patch4: nginx-1.16.0-enable-tls1v3-by-default.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1668717
|
||||
Patch5: nginx-1.18.0-pkcs11-cert.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1963121
|
||||
Patch6: nginx-1.18.0-CVE-2021-23017.patch
|
||||
|
||||
%if 0%{?with_gperftools}
|
||||
BuildRequires: gperftools-devel
|
||||
%endif
|
||||
@ -67,6 +71,7 @@ BuildRequires: pcre-devel
|
||||
BuildRequires: zlib-devel
|
||||
|
||||
Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
|
||||
Requires: system-logos-httpd >= 82.0
|
||||
|
||||
%if 0%{?rhel} > 0 && 0%{?rhel} < 8
|
||||
# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
|
||||
@ -189,6 +194,8 @@ Requires: nginx
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
|
||||
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
|
||||
|
||||
@ -292,10 +299,19 @@ install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
|
||||
|
||||
install -p -m 0644 ./nginx.conf \
|
||||
%{buildroot}%{_sysconfdir}/nginx
|
||||
install -p -m 0644 %{SOURCE100} \
|
||||
%{buildroot}%{_datadir}/nginx/html
|
||||
install -p -m 0644 %{SOURCE101} %{SOURCE102} \
|
||||
|
||||
rm -f %{buildroot}%{_datadir}/nginx/html/index.html
|
||||
ln -s ../../testpage/index.html \
|
||||
%{buildroot}%{_datadir}/nginx/html/index.html
|
||||
install -p -m 0644 %{SOURCE102} \
|
||||
%{buildroot}%{_datadir}/nginx/html
|
||||
ln -s nginx-logo.png %{buildroot}%{_datadir}/nginx/html/poweredby.png
|
||||
mkdir -p %{buildroot}%{_datadir}/nginx/html/icons
|
||||
|
||||
# Symlink for the powered-by-$DISTRO image:
|
||||
ln -s ../../../pixmaps/poweredby.png \
|
||||
%{buildroot}%{_datadir}/nginx/html/icons/poweredby.png
|
||||
|
||||
install -p -m 0644 %{SOURCE103} %{SOURCE104} \
|
||||
%{buildroot}%{_datadir}/nginx/html
|
||||
|
||||
@ -461,6 +477,26 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jun 08 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 1:1.18.0-3.1.alma
|
||||
- Debrand for AlmaLinux
|
||||
|
||||
* Tue May 25 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.18.0-3.1
|
||||
- Resolves: #1963178 - CVE-2021-23017 nginx:1.18/nginx: Off-by-one in
|
||||
ngx_resolver_copy() when labels are followed by a pointer to a root
|
||||
domain name
|
||||
|
||||
* Thu Nov 12 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-3
|
||||
- Resolves: #1651377 - centralizing default index.html on nginx
|
||||
- Resolves: #1825683 - Outdated Red Hat branding used in nginx default pages
|
||||
|
||||
* Wed Apr 22 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-2
|
||||
- new version 1.18.0
|
||||
- Resolves: #1668717 - [RFE] Support loading certificates from hardware token
|
||||
(PKCS#11)
|
||||
- Increased types_hash_max_size to 4096 in default config
|
||||
- Drop location / from default config (rhbz#1564768)
|
||||
- Drop default_sever from default config (rhbz#1373822)
|
||||
|
||||
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
|
||||
- update to 1.16.1
|
||||
- Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount
|
||||
|
||||
Loading…
Reference in New Issue
Block a user