forked from rpms/nginx
Compare commits
No commits in common. "c8-stream-1.18" and "c8-stream-1.16" have entirely different histories.
c8-stream-
...
c8-stream-
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/nginx-1.18.0.tar.gz
|
SOURCES/nginx-1.16.1.tar.gz
|
||||||
SOURCES/poweredby.png
|
SOURCES/poweredby.png
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
47b2c5ccd12e2a7088b03d629ff6b9ab18215180 SOURCES/nginx-1.18.0.tar.gz
|
77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz
|
||||||
2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
|
2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
|
||||||
|
@ -1,76 +0,0 @@
|
|||||||
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
|
|
||||||
index 0a2f260..606b6e2 100644
|
|
||||||
--- a/src/event/ngx_event_openssl.c
|
|
||||||
+++ b/src/event/ngx_event_openssl.c
|
|
||||||
@@ -616,6 +616,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
|
|
||||||
X509 *x509, *temp;
|
|
||||||
u_long n;
|
|
||||||
|
|
||||||
+ if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
|
|
||||||
+
|
|
||||||
+#ifndef OPENSSL_NO_ENGINE
|
|
||||||
+
|
|
||||||
+ u_char *p, *last;
|
|
||||||
+ ENGINE *engine;
|
|
||||||
+
|
|
||||||
+ p = cert->data + sizeof("engine:") - 1;
|
|
||||||
+ last = (u_char *) ngx_strchr(p, ':');
|
|
||||||
+
|
|
||||||
+ if (last == NULL) {
|
|
||||||
+ *err = "invalid syntax";
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ *last = '\0';
|
|
||||||
+
|
|
||||||
+ engine = ENGINE_by_id((char *) p);
|
|
||||||
+
|
|
||||||
+ if (engine == NULL) {
|
|
||||||
+ *err = "ENGINE_by_id() failed";
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (!ENGINE_init(engine)) {
|
|
||||||
+ *err = "ENGINE_init() failed";
|
|
||||||
+ ENGINE_free(engine);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ *last++ = ':';
|
|
||||||
+
|
|
||||||
+ struct {
|
|
||||||
+ const char *cert_id;
|
|
||||||
+ X509 *cert;
|
|
||||||
+ } params = { (char *) last, NULL };
|
|
||||||
+
|
|
||||||
+ if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, ¶ms, NULL, 1)) {
|
|
||||||
+ *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
|
|
||||||
+ ENGINE_free(engine);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ENGINE_finish(engine);
|
|
||||||
+ ENGINE_free(engine);
|
|
||||||
+
|
|
||||||
+ /* set chain to null */
|
|
||||||
+
|
|
||||||
+ *chain = sk_X509_new_null();
|
|
||||||
+ if (*chain == NULL) {
|
|
||||||
+ *err = "sk_X509_new_null() failed";
|
|
||||||
+ X509_free(params.cert);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return params.cert;
|
|
||||||
+
|
|
||||||
+#else
|
|
||||||
+
|
|
||||||
+ *err = "loading \"engine:...\" certificate is not supported";
|
|
||||||
+ return NULL;
|
|
||||||
+
|
|
||||||
+#endif
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
|
|
||||||
|
|
||||||
bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,
|
|
@ -25,7 +25,7 @@ http {
|
|||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
types_hash_max_size 4096;
|
types_hash_max_size 2048;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
@ -36,14 +36,17 @@ http {
|
|||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80 default_server;
|
||||||
listen [::]:80;
|
listen [::]:80 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /usr/share/nginx/html;
|
root /usr/share/nginx/html;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
include /etc/nginx/default.d/*.conf;
|
include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
}
|
||||||
|
|
||||||
error_page 404 /404.html;
|
error_page 404 /404.html;
|
||||||
location = /40x.html {
|
location = /40x.html {
|
||||||
}
|
}
|
||||||
@ -56,8 +59,8 @@ http {
|
|||||||
# Settings for a TLS enabled server.
|
# Settings for a TLS enabled server.
|
||||||
#
|
#
|
||||||
# server {
|
# server {
|
||||||
# listen 443 ssl http2;
|
# listen 443 ssl http2 default_server;
|
||||||
# listen [::]:443 ssl http2;
|
# listen [::]:443 ssl http2 default_server;
|
||||||
# server_name _;
|
# server_name _;
|
||||||
# root /usr/share/nginx/html;
|
# root /usr/share/nginx/html;
|
||||||
#
|
#
|
||||||
@ -71,6 +74,9 @@ http {
|
|||||||
# # Load configuration files for the default server block.
|
# # Load configuration files for the default server block.
|
||||||
# include /etc/nginx/default.d/*.conf;
|
# include /etc/nginx/default.d/*.conf;
|
||||||
#
|
#
|
||||||
|
# location / {
|
||||||
|
# }
|
||||||
|
#
|
||||||
# error_page 404 /404.html;
|
# error_page 404 /404.html;
|
||||||
# location = /40x.html {
|
# location = /40x.html {
|
||||||
# }
|
# }
|
||||||
|
@ -18,8 +18,8 @@
|
|||||||
|
|
||||||
Name: nginx
|
Name: nginx
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 1.18.0
|
Version: 1.16.1
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
|
|
||||||
Summary: A high performance web server and reverse proxy server
|
Summary: A high performance web server and reverse proxy server
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -59,9 +59,6 @@ Patch3: nginx-1.14.1-perl-module-hardening.patch
|
|||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1643647
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1643647
|
||||||
Patch4: nginx-1.16.0-enable-tls1v3-by-default.patch
|
Patch4: nginx-1.16.0-enable-tls1v3-by-default.patch
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1668717
|
|
||||||
Patch5: nginx-1.18.0-pkcs11-cert.patch
|
|
||||||
|
|
||||||
%if 0%{?with_gperftools}
|
%if 0%{?with_gperftools}
|
||||||
BuildRequires: gperftools-devel
|
BuildRequires: gperftools-devel
|
||||||
%endif
|
%endif
|
||||||
@ -192,7 +189,6 @@ Requires: nginx
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
|
||||||
|
|
||||||
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
|
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
|
||||||
|
|
||||||
@ -465,14 +461,6 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Apr 22 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-2
|
|
||||||
- new version 1.18.0
|
|
||||||
- Resolves: #1668717 - [RFE] Support loading certificates from hardware token
|
|
||||||
(PKCS#11)
|
|
||||||
- Increased types_hash_max_size to 4096 in default config
|
|
||||||
- Drop location / from default config (rhbz#1564768)
|
|
||||||
- Drop default_sever from default config (rhbz#1373822)
|
|
||||||
|
|
||||||
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
|
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
|
||||||
- update to 1.16.1
|
- update to 1.16.1
|
||||||
- Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount
|
- Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount
|
||||||
|
Loading…
Reference in New Issue
Block a user