.gitignore

@@ -1,2 +1,2 @@
-SOURCES/nginx-1.18.0.tar.gz
+SOURCES/nginx-1.16.1.tar.gz
 SOURCES/poweredby.png

.nginx.metadata

@@ -1,2 +1,2 @@
-47b2c5ccd12e2a7088b03d629ff6b9ab18215180 SOURCES/nginx-1.18.0.tar.gz
+77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz
 2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png

SOURCES/nginx-1.18.0-pkcs11-cert.patch

@@ -1,76 +0,0 @@
-diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
-index 0a2f260..606b6e2 100644
---- a/src/event/ngx_event_openssl.c
-+++ b/src/event/ngx_event_openssl.c
-@@ -616,6 +616,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
-     X509    *x509, *temp;
-     u_long   n;
- 
-+    if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
-+
-+#ifndef OPENSSL_NO_ENGINE
-+
-+        u_char  *p, *last;
-+        ENGINE  *engine;
-+
-+        p = cert->data + sizeof("engine:") - 1;
-+        last = (u_char *) ngx_strchr(p, ':');
-+
-+        if (last == NULL) {
-+            *err = "invalid syntax";
-+            return NULL;
-+        }
-+
-+        *last = '\0';
-+
-+        engine = ENGINE_by_id((char *) p);
-+
-+        if (engine == NULL) {
-+            *err = "ENGINE_by_id() failed";
-+            return NULL;
-+        }
-+
-+        if (!ENGINE_init(engine)) {
-+            *err = "ENGINE_init() failed";
-+            ENGINE_free(engine);
-+            return NULL;
-+        }
-+
-+        *last++ = ':';
-+
-+        struct {
-+            const char *cert_id;
-+            X509 *cert;
-+        } params = { (char *) last, NULL };
-+
-+        if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &params, NULL, 1)) {
-+            *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
-+            ENGINE_free(engine);
-+            return NULL;
-+        }
-+
-+        ENGINE_finish(engine);
-+        ENGINE_free(engine);
-+
-+        /* set chain to null */
-+
-+        *chain = sk_X509_new_null();
-+        if (*chain == NULL) {
-+           *err = "sk_X509_new_null() failed";
-+           X509_free(params.cert);
-+           return NULL;
-+        }
-+
-+        return params.cert;
-+
-+#else
-+
-+        *err = "loading \"engine:...\" certificate is not supported";
-+        return NULL;
-+
-+#endif
-+    }
-+
-     if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
- 
-         bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,

SOURCES/nginx.conf

@@ -25,7 +25,7 @@ http {
     tcp_nopush          on;
     tcp_nodelay         on;
     keepalive_timeout   65;
-    types_hash_max_size 4096;
+    types_hash_max_size 2048;
 
     include             /etc/nginx/mime.types;
     default_type        application/octet-stream;
@@ -36,14 +36,17 @@ http {
     include /etc/nginx/conf.d/*.conf;
 
     server {
-        listen       80;
-        listen       [::]:80;
+        listen       80 default_server;
+        listen       [::]:80 default_server;
         server_name  _;
         root         /usr/share/nginx/html;
 
         # Load configuration files for the default server block.
         include /etc/nginx/default.d/*.conf;
 
+        location / {
+        }
+
         error_page 404 /404.html;
             location = /40x.html {
         }
@@ -56,8 +59,8 @@ http {
 # Settings for a TLS enabled server.
 #
 #    server {
-#        listen       443 ssl http2;
-#        listen       [::]:443 ssl http2;
+#        listen       443 ssl http2 default_server;
+#        listen       [::]:443 ssl http2 default_server;
 #        server_name  _;
 #        root         /usr/share/nginx/html;
 #
@@ -71,6 +74,9 @@ http {
 #        # Load configuration files for the default server block.
 #        include /etc/nginx/default.d/*.conf;
 #
+#        location / {
+#        }
+#
 #        error_page 404 /404.html;
 #            location = /40x.html {
 #        }

SPECS/nginx.spec

@@ -18,8 +18,8 @@
 
 Name:              nginx
 Epoch:             1
-Version:           1.18.0
-Release:           2%{?dist}
+Version:           1.16.1
+Release:           1%{?dist}
 
 Summary:           A high performance web server and reverse proxy server
 Group:             System Environment/Daemons
@@ -59,9 +59,6 @@ Patch3:            nginx-1.14.1-perl-module-hardening.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1643647
 Patch4:            nginx-1.16.0-enable-tls1v3-by-default.patch
 
-# https://bugzilla.redhat.com/show_bug.cgi?id=1668717
-Patch5:            nginx-1.18.0-pkcs11-cert.patch
-
 %if 0%{?with_gperftools}
 BuildRequires:     gperftools-devel
 %endif
@@ -192,7 +189,6 @@ Requires:          nginx
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
 
 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
 
@@ -465,14 +461,6 @@ fi
 
 
 %changelog
-* Wed Apr 22 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-2
-- new version 1.18.0
-- Resolves: #1668717 - [RFE] Support loading certificates from hardware token
-  (PKCS#11)
-- Increased types_hash_max_size to 4096 in default config
-- Drop location / from default config (rhbz#1564768)
-- Drop default_sever from default config (rhbz#1373822)
-
 * Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
 - update to 1.16.1
 - Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount