7 changed files with 135 additions and 152 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
-SOURCES/nginx-1.16.1.tar.gz
-SOURCES/poweredby.png
+SOURCES/nginx-1.20.0.tar.gz
--- a/.nginx.metadata
+++ b/.nginx.metadata
@ -1,2 +1 @@
-77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz
-2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
+71dc4916e9ac7e15b03f7ea71577f72e0dd5dff1 SOURCES/nginx-1.20.0.tar.gz
--- a/SOURCES/index.html
+++ b/SOURCES/index.html
@ -1,117 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-    <head>
-        <title>Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-        <style type="text/css">
-            /*<![CDATA[*/
-            body {
-                background-color: #fff;
-                color: #000;
-                font-size: 0.9em;
-                font-family: sans-serif,helvetica;
-                margin: 0;
-                padding: 0;
-            }
-            :link {
-                color: #c00;
-            }
-            :visited {
-                color: #c00;
-            }
-            a:hover {
-                color: #f50;
-            }
-            h1 {
-                text-align: center;
-                margin: 0;
-                padding: 0.6em 2em 0.4em;
-                background-color: #900;
-                color: #fff;
-                font-weight: normal;
-                font-size: 1.75em;
-                border-bottom: 2px solid #000;
-            }
-            h1 strong {
-                font-weight: bold;
-                font-size: 1.5em;
-            }
-            h2 {
-                text-align: center;
-                background-color: #900;
-                font-size: 1.1em;
-                font-weight: bold;
-                color: #fff;
-                margin: 0;
-                padding: 0.5em;
-                border-bottom: 2px solid #000;
-            }
-            hr {
-                display: none;
-            }
-            .content {
-                padding: 1em 5em;
-            }
-            .alert {
-                border: 2px solid #000;
-            }
-
-            img {
-                border: 2px solid #fff;
-                padding: 2px;
-                margin: 2px;
-            }
-            a:hover img {
-                border: 2px solid #294172;
-            }
-            .logos {
-                margin: 1em;
-                text-align: center;
-            }
-            /*]]>*/
-        </style>
-    </head>
-
-    <body>
-        <h1>Welcome to <strong>nginx</strong> on Red Hat Enterprise Linux!</h1>
-
-        <div class="content">
-            <p>This page is used to test the proper operation of the
-            <strong>nginx</strong> HTTP server after it has been
-            installed. If you can read this page, it means that the
-            web server installed at this site is working
-            properly.</p>
-
-            <div class="alert">
-                <h2>Website Administrator</h2>
-                <div class="content">
-                    <p>This is the default <tt>index.html</tt> page that
-                    is distributed with <strong>nginx</strong> on
-                    Red Hat Enterprise Linux.  It is located in
-                    <tt>/usr/share/nginx/html</tt>.</p>
-
-                    <p>You should now put your content in a location of
-                    your choice and edit the <tt>root</tt> configuration
-                    directive in the <strong>nginx</strong>
-                    configuration file
-                    <tt>/etc/nginx/nginx.conf</tt>.</p>
-
-                    <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
-
-                </div>
-            </div>
-
-            <div class="logos">
-                <a href="http://nginx.net/"><img
-                    src="nginx-logo.png" 
-                    alt="[ Powered by nginx ]"
-                    width="121" height="32" /></a>
-                <a href="http://www.redhat.com/"><img
-                    src="poweredby.png"
-                    alt="[ Powered by Red Hat Enterprise Linux ]"
-                    width="88" height="31" /></a>
-            </div>
-        </div>
-    </body>
-</html>
--- a/SOURCES/nginx-1.18.0-pkcs11-cert.patch
+++ b/SOURCES/nginx-1.18.0-pkcs11-cert.patch
@ -0,0 +1,76 @@
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+index 0a2f260..606b6e2 100644
+--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
+@@ -616,6 +616,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
+     X509    *x509, *temp;
+     u_long   n;
+ 
+    if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
+
+#ifndef OPENSSL_NO_ENGINE
+
+        u_char  *p, *last;
+        ENGINE  *engine;
+
+        p = cert->data + sizeof("engine:") - 1;
+        last = (u_char *) ngx_strchr(p, ':');
+
+        if (last == NULL) {
+            *err = "invalid syntax";
+            return NULL;
+        }
+
+        *last = '\0';
+
+        engine = ENGINE_by_id((char *) p);
+
+        if (engine == NULL) {
+            *err = "ENGINE_by_id() failed";
+            return NULL;
+        }
+
+        if (!ENGINE_init(engine)) {
+            *err = "ENGINE_init() failed";
+            ENGINE_free(engine);
+            return NULL;
+        }
+
+        *last++ = ':';
+
+        struct {
+            const char *cert_id;
+            X509 *cert;
+        } params = { (char *) last, NULL };
+
+        if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &params, NULL, 1)) {
+            *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
+            ENGINE_free(engine);
+            return NULL;
+        }
+
+        ENGINE_finish(engine);
+        ENGINE_free(engine);
+
+        /* set chain to null */
+
+        *chain = sk_X509_new_null();
+        if (*chain == NULL) {
+           *err = "sk_X509_new_null() failed";
+           X509_free(params.cert);
+           return NULL;
+        }
+
+        return params.cert;
+
+#else
+
+        *err = "loading \"engine:...\" certificate is not supported";
+        return NULL;
+
+#endif
+    }
+
+     if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
+ 
+         bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,
--- a/SOURCES/nginx-1.20.0-enable-tls1v3-by-default.patch
+++ b/SOURCES/nginx-1.20.0-enable-tls1v3-by-default.patch
@ -1,8 +1,8 @@
 diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
-index 345914f..d23967f 100644
+index 2b0c5e6..9278087 100644
 --- a/src/event/ngx_event_openssl.c
 +++ b/src/event/ngx_event_openssl.c
-@@ -252,6 +252,8 @@ ngx_ssl_init(ngx_log_t *log)
+@@ -258,6 +258,8 @@ ngx_ssl_init(ngx_log_t *log)
 ngx_int_t
 ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
 {
@ -11,7 +11,7 @@ index 345914f..d23967f 100644
     ssl->ctx = SSL_CTX_new(SSLv23_method());
 
     if (ssl->ctx == NULL) {
-@@ -316,49 +318,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
+@@ -322,49 +324,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
 
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
 
@ -102,10 +102,10 @@ index 345914f..d23967f 100644
 #ifdef SSL_OP_NO_COMPRESSION
     SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
 diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
-index 61da0c5..fa7ac41 100644
+index 329760d..5cee113 100644
 --- a/src/event/ngx_event_openssl.h
 +++ b/src/event/ngx_event_openssl.h
-@@ -145,6 +145,7 @@ typedef struct {
+@@ -152,6 +152,7 @@ typedef struct {
 #endif
 
 
@ -114,11 +114,11 @@ index 61da0c5..fa7ac41 100644
 #define NGX_SSL_SSLv3    0x0004
 #define NGX_SSL_TLSv1    0x0008
 diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
-index b3f8f47..8340a12 100644
+index a47d696..94f30db 100644
 --- a/src/http/modules/ngx_http_ssl_module.c
 +++ b/src/http/modules/ngx_http_ssl_module.c
-@@ -613,8 +613,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
-     ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
+@@ -671,8 +671,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+     ngx_conf_merge_value(conf->reject_handshake, prev->reject_handshake, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
 -                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
@ -128,10 +128,10 @@ index b3f8f47..8340a12 100644
     ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
                          NGX_SSL_BUFSIZE);
 diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
-index 5544f75..3316a4b 100644
+index 7eae83e..8328560 100644
 --- a/src/mail/ngx_mail_ssl_module.c
 +++ b/src/mail/ngx_mail_ssl_module.c
-@@ -291,8 +291,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+@@ -306,8 +306,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
                          prev->prefer_server_ciphers, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
@ -142,10 +142,10 @@ index 5544f75..3316a4b 100644
     ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
     ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
 diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
-index ec9524e..37af046 100644
+index d8c0471..cef590d 100644
 --- a/src/stream/ngx_stream_ssl_module.c
 +++ b/src/stream/ngx_stream_ssl_module.c
-@@ -625,8 +625,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+@@ -641,8 +641,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
                          prev->prefer_server_ciphers, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
--- a/SOURCES/nginx.conf
+++ b/SOURCES/nginx.conf
@ -25,7 +25,7 @@ http {
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
-    types_hash_max_size 2048;
+    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
@ -36,17 +36,14 @@ http {
    include /etc/nginx/conf.d/*.conf;

    server {
-        listen       80 default_server;
-        listen       [::]:80 default_server;
+        listen       80;
+        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

-        location / {
-        }
-
        error_page 404 /404.html;
            location = /40x.html {
        }
@ -59,8 +56,8 @@ http {
 # Settings for a TLS enabled server.
 #
 #    server {
-#        listen       443 ssl http2 default_server;
-#        listen       [::]:443 ssl http2 default_server;
+#        listen       443 ssl http2;
+#        listen       [::]:443 ssl http2;
 #        server_name  _;
 #        root         /usr/share/nginx/html;
 #
@ -74,9 +71,6 @@ http {
 #        # Load configuration files for the default server block.
 #        include /etc/nginx/default.d/*.conf;
 #
-#        location / {
-#        }
-#
 #        error_page 404 /404.html;
 #            location = /40x.html {
 #        }
--- a/SPECS/nginx.spec
+++ b/SPECS/nginx.spec
@ -18,8 +18,8 @@

 Name:              nginx
 Epoch:             1
-Version:           1.16.1
-Release:           1%{?dist}
+Version:           1.20.0
+Release:           2%{?dist}

 Summary:           A high performance web server and reverse proxy server
 Group:             System Environment/Daemons
@ -34,8 +34,6 @@ Source11:          nginx.logrotate
 Source12:          nginx.conf
 Source13:          nginx-upgrade
 Source14:          nginx-upgrade.8
-Source100:         index.html
-Source101:         poweredby.png
 Source102:         nginx-logo.png
 Source103:         404.html
 Source104:         50x.html
@ -57,7 +55,10 @@ Patch2:            nginx-1.16.0-pkcs11.patch
 Patch3:            nginx-1.14.1-perl-module-hardening.patch

 # https://bugzilla.redhat.com/show_bug.cgi?id=1643647
-Patch4:            nginx-1.16.0-enable-tls1v3-by-default.patch
+Patch4:            nginx-1.20.0-enable-tls1v3-by-default.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1668717
+Patch5:            nginx-1.18.0-pkcs11-cert.patch

 %if 0%{?with_gperftools}
 BuildRequires:     gperftools-devel
@ -67,6 +68,7 @@ BuildRequires:     pcre-devel
 BuildRequires:     zlib-devel

 Requires:          nginx-filesystem = %{epoch}:%{version}-%{release}
+Requires:          system-logos-httpd >= 82.0

 %if 0%{?rhel} > 0 && 0%{?rhel} < 8
 # Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
@ -189,6 +191,7 @@ Requires:          nginx
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1

 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .

@ -258,6 +261,7 @@ export DESTDIR=%{buildroot}
 %endif
    --with-debug \
    --with-cc-opt="%{optflags} $(pcre-config --cflags)" \
+    --with-compat \
    --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols

 make %{?_smp_mflags}
@ -292,10 +296,19 @@ install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules

 install -p -m 0644 ./nginx.conf \
    %{buildroot}%{_sysconfdir}/nginx
-install -p -m 0644 %{SOURCE100} \
-    %{buildroot}%{_datadir}/nginx/html
-install -p -m 0644 %{SOURCE101} %{SOURCE102} \
+
+rm -f %{buildroot}%{_datadir}/nginx/html/index.html
+ln -s ../../testpage/index.html \
+    %{buildroot}%{_datadir}/nginx/html/index.html
+install -p -m 0644 %{SOURCE102} \
    %{buildroot}%{_datadir}/nginx/html
+ln -s nginx-logo.png %{buildroot}%{_datadir}/nginx/html/poweredby.png
+mkdir -p %{buildroot}%{_datadir}/nginx/html/icons
+
+# Symlink for the powered-by-$DISTRO image:
+ln -s ../../../pixmaps/poweredby.png \
+    %{buildroot}%{_datadir}/nginx/html/icons/poweredby.png
+
 install -p -m 0644 %{SOURCE103} %{SOURCE104} \
    %{buildroot}%{_datadir}/nginx/html

@ -461,6 +474,25 @@ fi


 %changelog
+* Fri Aug 20 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.0-2
+- Resolves: #1991796 - build nginx with --with-compat
+
+* Wed May 05 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.20.0-1
+- new version 1.20.0
+- Resolves: #1945671 - RFE: add nginx:1.20 module stream
+
+* Thu Nov 12 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-3
+- Resolves: #1651377 - centralizing default index.html on nginx
+- Resolves: #1825683 - Outdated Red Hat branding used in nginx default pages
+
+* Wed Apr 22 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-2
+- new version 1.18.0
+- Resolves: #1668717 - [RFE] Support loading certificates from hardware token
+  (PKCS#11)
+- Increased types_hash_max_size to 4096 in default config
+- Drop location / from default config (rhbz#1564768)
+- Drop default_sever from default config (rhbz#1373822)
+
 * Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
 - update to 1.16.1
 - Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount