diff --git a/0001-remove-Werror-in-upstream-build-scripts.patch b/0001-remove-Werror-in-upstream-build-scripts.patch index 2695031..6bb346d 100644 --- a/0001-remove-Werror-in-upstream-build-scripts.patch +++ b/0001-remove-Werror-in-upstream-build-scripts.patch @@ -1,7 +1,7 @@ -From 00cab63102084b89de0a3494a1d023c4b1d4982b Mon Sep 17 00:00:00 2001 +From d4b67917818eb4c2bda9ccc5a2677926cfa0cc81 Mon Sep 17 00:00:00 2001 From: Felix Kaechele Date: Sun, 7 Jun 2020 12:14:02 -0400 -Subject: [PATCH 1/2] remove Werror in upstream build scripts +Subject: [PATCH 1/3] remove Werror in upstream build scripts removes -Werror in upstream build scripts. -Werror conflicts with -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. @@ -12,7 +12,7 @@ Signed-off-by: Felix Kaechele 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/auto/cc/gcc b/auto/cc/gcc -index a5c5c18..cdbbadb 100644 +index a5c5c18fba3f..cdbbadb54023 100644 --- a/auto/cc/gcc +++ b/auto/cc/gcc @@ -166,7 +166,9 @@ esac @@ -27,5 +27,5 @@ index a5c5c18..cdbbadb 100644 # debug CFLAGS="$CFLAGS -g" -- -2.31.1 +2.44.0 diff --git a/0002-fix-PIDFile-handling.patch b/0002-fix-PIDFile-handling.patch index 5748b63..4e967b3 100644 --- a/0002-fix-PIDFile-handling.patch +++ b/0002-fix-PIDFile-handling.patch @@ -1,7 +1,7 @@ -From 62470498cca9a209aa9904668c1949f5229123af Mon Sep 17 00:00:00 2001 +From 29c20440c27d6b13a4f933279da59fd8b442f5d7 Mon Sep 17 00:00:00 2001 From: Felix Kaechele Date: Tue, 20 Apr 2021 21:28:18 -0400 -Subject: [PATCH 2/2] fix PIDFile handling +Subject: [PATCH 2/3] fix PIDFile handling Corresponding RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1869026 @@ -13,7 +13,7 @@ From original patch: Author: Tj Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876365 -iLast-Update: 2020-06-24 +Last-Update: 2020-06-24 Signed-off-by: Felix Kaechele --- @@ -22,10 +22,10 @@ Signed-off-by: Felix Kaechele 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/src/core/nginx.c b/src/core/nginx.c -index 48a20e9..32c0afe 100644 +index 0deb27b7f98a..23edb59ff105 100644 --- a/src/core/nginx.c +++ b/src/core/nginx.c -@@ -339,14 +339,21 @@ main(int argc, char *const *argv) +@@ -340,14 +340,21 @@ main(int argc, char *const *argv) ngx_process = NGX_PROCESS_MASTER; } @@ -48,7 +48,7 @@ index 48a20e9..32c0afe 100644 return 1; } -@@ -359,8 +366,19 @@ main(int argc, char *const *argv) +@@ -360,8 +367,19 @@ main(int argc, char *const *argv) #endif @@ -71,7 +71,7 @@ index 48a20e9..32c0afe 100644 if (ngx_log_redirect_stderr(cycle) != NGX_OK) { diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c -index 385c49b..3719854 100644 +index 385c49b6c3d1..3719854c52b0 100644 --- a/src/os/unix/ngx_daemon.c +++ b/src/os/unix/ngx_daemon.c @@ -7,14 +7,17 @@ @@ -104,5 +104,5 @@ index 385c49b..3719854 100644 ngx_parent = ngx_pid; -- -2.31.1 +2.44.0 diff --git a/0003-add-ssl-pass-phrase-dialog.patch b/0003-Add-SSL-passphrase-dialog.patch similarity index 81% rename from 0003-add-ssl-pass-phrase-dialog.patch rename to 0003-Add-SSL-passphrase-dialog.patch index 6e5986b..b7b00a6 100644 --- a/0003-add-ssl-pass-phrase-dialog.patch +++ b/0003-Add-SSL-passphrase-dialog.patch @@ -1,8 +1,29 @@ +From 679397c62265a5ee93953d0913dc834b163a5aec Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= +Date: Wed, 22 May 2024 22:23:08 +0200 +Subject: [PATCH 3/3] Add SSL passphrase dialog + +--- + contrib/vim/syntax/nginx.vim | 1 + + src/event/ngx_event_openssl.c | 126 +++++++++++++++++++++-- + src/event/ngx_event_openssl.h | 14 ++- + src/http/modules/ngx_http_grpc_module.c | 2 +- + src/http/modules/ngx_http_proxy_module.c | 2 +- + src/http/modules/ngx_http_ssl_module.c | 70 ++++++++++++- + src/http/modules/ngx_http_ssl_module.h | 2 + + src/http/modules/ngx_http_uwsgi_module.c | 2 +- + src/mail/ngx_mail_ssl_module.c | 66 +++++++++++- + src/mail/ngx_mail_ssl_module.h | 2 + + src/stream/ngx_stream_proxy_module.c | 2 +- + src/stream/ngx_stream_ssl_module.c | 61 ++++++++++- + src/stream/ngx_stream_ssl_module.h | 2 + + 13 files changed, 335 insertions(+), 17 deletions(-) + diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim -index 7d587fc..15b21e2 100644 +index 29eef7a..e7227eb 100644 --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim -@@ -617,6 +617,7 @@ syn keyword ngxDirective contained ssl_ocsp +@@ -593,6 +593,7 @@ syn keyword ngxDirective contained ssl_ocsp syn keyword ngxDirective contained ssl_ocsp_cache syn keyword ngxDirective contained ssl_ocsp_responder syn keyword ngxDirective contained ssl_password_file @@ -11,32 +32,27 @@ index 7d587fc..15b21e2 100644 syn keyword ngxDirective contained ssl_preread syn keyword ngxDirective contained ssl_protocols diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c -index 104e8da..8cf777e 100644 +index 89f277f..6f7f2a2 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c -@@ -9,9 +9,8 @@ - #include - #include +@@ -11,6 +11,7 @@ + -- #define NGX_SSL_PASSWORD_BUFFER_SIZE 4096 -- -+#define NGX_PASS_PHRASE_ARG_MAX_LEN 255 ++#define NGX_PASS_PHRASE_ARG_MAX_LEN 255 + typedef struct { - ngx_uint_t engine; /* unsigned engine:1; */ -@@ -20,8 +19,8 @@ typedef struct { - +@@ -21,7 +22,7 @@ typedef struct { static X509 *ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert, STACK_OF(X509) **chain); --static EVP_PKEY *ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, + static EVP_PKEY *ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, - ngx_str_t *key, ngx_array_t *passwords); -+static EVP_PKEY *ngx_ssl_load_certificate_key(ngx_pool_t *pool, -+ char **err, ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg); ++ ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg); static int ngx_ssl_password_callback(char *buf, int size, int rwflag, void *userdata); static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); -@@ -88,6 +87,12 @@ static time_t ngx_ssl_parse_time( +@@ -85,6 +86,12 @@ static time_t ngx_ssl_parse_time( #endif ASN1_TIME *asn1time, ngx_log_t *log); @@ -49,7 +65,7 @@ index 104e8da..8cf777e 100644 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static void ngx_openssl_exit(ngx_cycle_t *cycle); -@@ -398,7 +403,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) +@@ -432,7 +439,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, @@ -58,7 +74,7 @@ index 104e8da..8cf777e 100644 { ngx_str_t *cert, *key; ngx_uint_t i; -@@ -408,7 +413,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, +@@ -442,7 +449,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, for (i = 0; i < certs->nelts; i++) { @@ -67,7 +83,7 @@ index 104e8da..8cf777e 100644 != NGX_OK) { return NGX_ERROR; -@@ -421,12 +426,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, +@@ -455,12 +462,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, @@ -82,29 +98,33 @@ index 104e8da..8cf777e 100644 x509 = ngx_ssl_load_certificate(cf->pool, &err, cert, &chain); if (x509 == NULL) { -@@ -516,8 +522,19 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, +@@ -550,8 +558,23 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, } #endif - pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords); - if (pkey == NULL) { + pubkey = X509_get_pubkey(x509); -+ if (!pubkey){ ++ if (!pubkey) { + ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, + "X509_get_pubkey() failed"); + return NGX_ERROR; + } -+ dlg->cryptosystem = EVP_PKEY_get_base_id(pubkey); ++ ++ if (dlg) { ++ dlg->cryptosystem = EVP_PKEY_get_base_id(pubkey); ++ } ++ + EVP_PKEY_free(pubkey); + + pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords, dlg); -+ if (ngx_test_config){ ++ if (ngx_test_config) { + return NGX_OK; + } else if (pkey == NULL) { if (err != NULL) { ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "cannot load certificate key \"%s\": %s", -@@ -587,7 +604,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool, +@@ -621,7 +644,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool, #endif @@ -113,7 +133,7 @@ index 104e8da..8cf777e 100644 if (pkey == NULL) { if (err != NULL) { ngx_ssl_error(NGX_LOG_ERR, c->log, 0, -@@ -700,10 +717,81 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert, +@@ -734,10 +757,82 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert, return x509; } @@ -191,18 +211,18 @@ index 104e8da..8cf777e 100644 +} static EVP_PKEY * --ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, + ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, - ngx_str_t *key, ngx_array_t *passwords) -+ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg) ++ ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg) { BIO *bio; EVP_PKEY *pkey; -@@ -791,11 +879,26 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, +@@ -825,6 +920,21 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, tries = 1; pwd = NULL; cb = NULL; + -+ /** directive format: ssl_pass_phrase_dialog buildin|exec:filepath */ ++ /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */ + if (dlg && ngx_strncasecmp(dlg->data->data, (u_char *)"exec:", 5) == 0){ + pwd = (void *)dlg; + cb = ngx_ssl_pass_phrase_callback; @@ -210,26 +230,20 @@ index 104e8da..8cf777e 100644 + pwd = NULL; + cb = NULL; + } - } - -- for ( ;; ) { -+ /* skip decrypting private keys in config test phase to avoid ++ } ++ ++ /* skip decrypting private keys in config test phase to avoid + asking for pass phase twice */ + if (ngx_test_config){ + return NULL; -+ } + } -+ for ( ;; ) { - pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, pwd); -+ - if (pkey != NULL) { - break; - } + for ( ;; ) { diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h -index 860ea26..41f4501 100644 +index ebb2c35..761f48d 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h -@@ -74,9 +74,19 @@ +@@ -82,9 +82,19 @@ #define ERR_peek_error_data(d, f) ERR_peek_error_line_data(NULL, NULL, d, f) #endif @@ -249,15 +263,7 @@ index 860ea26..41f4501 100644 struct ngx_ssl_s { SSL_CTX *ctx; -@@ -84,7 +94,6 @@ struct ngx_ssl_s { - size_t buffer_size; - }; - -- - struct ngx_ssl_connection_s { - ngx_ssl_conn_t *connection; - SSL_CTX *session_ctx; -@@ -184,9 +193,9 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log); +@@ -192,9 +202,9 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log); ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data); ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, @@ -296,23 +302,21 @@ index 9cc202c..2c938d7 100644 { return NGX_ERROR; diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c -index 4c4a598..a147054 100644 +index 1c92d9f..35132b9 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c -@@ -17,8 +17,9 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, +@@ -21,6 +21,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" #define NGX_DEFAULT_ECDH_CURVE "auto" --#define NGX_HTTP_ALPN_PROTOS "\x08http/1.1\x08http/1.0\x08http/0.9" +static ngx_str_t ngx_ssl_server_null = ngx_string(NGX_SSL_SERVER_NULL); ++ + #define NGX_HTTP_ALPN_PROTOS "\x08http/1.1\x08http/1.0\x08http/0.9" -+#define NGX_HTTP_ALPN_PROTOS "\x08http/1.1\x08http/1.0\x08http/0.9" - #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - static int ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, -@@ -53,6 +54,9 @@ static char *ngx_http_ssl_conf_command_check(ngx_conf_t *cf, void *post, - - static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf); +@@ -59,6 +61,9 @@ static ngx_int_t ngx_http_ssl_quic_compat_init(ngx_conf_t *cf, + ngx_http_conf_addr_t *addr); + #endif +static char *ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); @@ -320,7 +324,7 @@ index 4c4a598..a147054 100644 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, -@@ -296,6 +300,13 @@ static ngx_command_t ngx_http_ssl_commands[] = { +@@ -290,6 +295,13 @@ static ngx_command_t ngx_http_ssl_commands[] = { offsetof(ngx_http_ssl_srv_conf_t, reject_handshake), NULL }, @@ -334,34 +338,24 @@ index 4c4a598..a147054 100644 ngx_null_command }; -@@ -555,7 +566,7 @@ ngx_http_ssl_add_variables(ngx_conf_t *cf) - static void * - ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) - { -- ngx_http_ssl_srv_conf_t *sscf; -+ ngx_http_ssl_srv_conf_t *sscf; - - sscf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)); - if (sscf == NULL) { -@@ -577,6 +588,8 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) +@@ -609,6 +621,7 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) * sscf->ocsp_responder = { 0, NULL }; * sscf->stapling_file = { 0, NULL }; * sscf->stapling_responder = { 0, NULL }; + * sscf->pass_phrase_dialog = NULL; -+ * */ - sscf->enable = NGX_CONF_UNSET; -@@ -608,6 +621,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) + sscf->prefer_server_ciphers = NGX_CONF_UNSET; +@@ -639,6 +652,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) { ngx_http_ssl_srv_conf_t *prev = parent; ngx_http_ssl_srv_conf_t *conf = child; -+ ngx_http_core_srv_conf_t *cscf; -+ ngx_ssl_ppdialog_conf_t dlg; ++ ngx_http_core_srv_conf_t *cscf; ++ ngx_ssl_ppdialog_conf_t dlg; ngx_pool_cleanup_t *cln; -@@ -674,6 +689,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -694,6 +709,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_str_value(conf->stapling_responder, prev->stapling_responder, ""); @@ -370,12 +364,12 @@ index 4c4a598..a147054 100644 + conf->ssl.log = cf->log; - if (conf->enable) { -@@ -736,6 +754,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) + if (conf->certificates) { +@@ -726,6 +744,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) cln->handler = ngx_ssl_cleanup_ctx; cln->data = &conf->ssl; -+ /** directive format: ssl_pass_phrase_dialog buildin|exec:filepath */ ++ /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */ + if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)"exec:", 5) == 0){ + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "ssl_pass_phrase_dialog config directive SET: %s ", conf->pass_phrase_dialog.data); @@ -402,7 +396,7 @@ index 4c4a598..a147054 100644 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, -@@ -786,7 +828,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -776,7 +818,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) /* configure certificates */ if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, @@ -411,11 +405,10 @@ index 4c4a598..a147054 100644 != NGX_OK) { return NGX_CONF_ERROR; -@@ -1335,3 +1377,31 @@ ngx_http_ssl_init(ngx_conf_t *cf) - +@@ -1329,6 +1371,32 @@ ngx_http_ssl_init(ngx_conf_t *cf) return NGX_OK; } -+ + +static char * +ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ @@ -442,25 +435,27 @@ index 4c4a598..a147054 100644 + + return NGX_CONF_OK; +} -+ + + #if (NGX_QUIC_OPENSSL_COMPAT) + diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h -index 7ab0f7e..2f83d75 100644 +index c69c8ff..79f1506 100644 --- a/src/http/modules/ngx_http_ssl_module.h +++ b/src/http/modules/ngx_http_ssl_module.h -@@ -67,6 +67,8 @@ typedef struct { - - u_char *file; - ngx_uint_t line; +@@ -62,6 +62,8 @@ typedef struct { + ngx_flag_t stapling_verify; + ngx_str_t stapling_file; + ngx_str_t stapling_responder; + + ngx_str_t pass_phrase_dialog; } ngx_http_ssl_srv_conf_t; diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c -index e4f721b..61efa99 100644 +index c1731ff..ab9d98a 100644 --- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c -@@ -2564,7 +2564,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf) +@@ -2567,7 +2567,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf) if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->upstream.ssl_certificate->value, &uwcf->upstream.ssl_certificate_key->value, @@ -470,7 +465,7 @@ index e4f721b..61efa99 100644 { return NGX_ERROR; diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c -index 28737ac..728181d 100644 +index aebb4cc..5d95f44 100644 --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -13,6 +13,7 @@ @@ -481,7 +476,7 @@ index 28737ac..728181d 100644 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation static int ngx_mail_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, -@@ -35,6 +36,8 @@ static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, +@@ -33,6 +34,8 @@ static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, static char *ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data); @@ -490,7 +485,7 @@ index 28737ac..728181d 100644 static ngx_conf_enum_t ngx_mail_starttls_state[] = { { ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, -@@ -216,6 +219,13 @@ static ngx_command_t ngx_mail_ssl_commands[] = { +@@ -202,6 +205,13 @@ static ngx_command_t ngx_mail_ssl_commands[] = { offsetof(ngx_mail_ssl_conf_t, conf_commands), &ngx_mail_ssl_conf_command_post }, @@ -504,7 +499,7 @@ index 28737ac..728181d 100644 ngx_null_command }; -@@ -345,6 +355,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -330,6 +340,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) { ngx_mail_ssl_conf_t *prev = parent; ngx_mail_ssl_conf_t *conf = child; @@ -513,7 +508,7 @@ index 28737ac..728181d 100644 char *mode; ngx_pool_cleanup_t *cln; -@@ -388,6 +400,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -372,6 +384,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL); @@ -522,11 +517,11 @@ index 28737ac..728181d 100644 conf->ssl.log = cf->log; -@@ -449,6 +463,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -430,6 +444,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) cln->handler = ngx_ssl_cleanup_ctx; cln->data = &conf->ssl; -+ /** directive format: ssl_pass_phrase_dialog buildin|exec:filepath */ ++ /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */ + if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)"exec:", 5) == 0){ + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "ssl_pass_phrase_dialog config directive SET: %s ", conf->pass_phrase_dialog.data); @@ -552,7 +547,7 @@ index 28737ac..728181d 100644 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_mail_ssl_alpn_select, NULL); #endif -@@ -461,7 +498,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -442,7 +479,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) } if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, @@ -561,7 +556,7 @@ index 28737ac..728181d 100644 != NGX_OK) { return NGX_CONF_ERROR; -@@ -745,3 +782,32 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) +@@ -692,3 +729,30 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) return NGX_CONF_OK; #endif } @@ -592,13 +587,11 @@ index 28737ac..728181d 100644 + + return NGX_CONF_OK; +} -+ -+ diff --git a/src/mail/ngx_mail_ssl_module.h b/src/mail/ngx_mail_ssl_module.h -index a0a6113..3d87d50 100644 +index c0eb6a3..02b4d4f 100644 --- a/src/mail/ngx_mail_ssl_module.h +++ b/src/mail/ngx_mail_ssl_module.h -@@ -57,6 +57,8 @@ typedef struct { +@@ -56,6 +56,8 @@ typedef struct { u_char *file; ngx_uint_t line; @@ -621,7 +614,7 @@ index ed275c0..1747aed 100644 { return NGX_ERROR; diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c -index 1ba1825..ba70547 100644 +index ba44477..43cd7e0 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -17,6 +17,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, @@ -643,7 +636,7 @@ index 1ba1825..ba70547 100644 static ngx_int_t ngx_stream_ssl_init(ngx_conf_t *cf); -@@ -226,6 +231,13 @@ static ngx_command_t ngx_stream_ssl_commands[] = { +@@ -233,6 +238,13 @@ static ngx_command_t ngx_stream_ssl_commands[] = { 0, NULL }, @@ -651,21 +644,21 @@ index 1ba1825..ba70547 100644 + NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_pass_phrase_dialog, + NGX_STREAM_SRV_CONF_OFFSET, -+ offsetof(ngx_stream_ssl_conf_t, pass_phrase_dialog), ++ offsetof(ngx_stream_ssl_srv_conf_t, pass_phrase_dialog), + NULL }, + ngx_null_command }; -@@ -690,6 +702,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -802,6 +814,7 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) { - ngx_stream_ssl_conf_t *prev = parent; - ngx_stream_ssl_conf_t *conf = child; -+ ngx_ssl_ppdialog_conf_t dlg; + ngx_stream_ssl_srv_conf_t *prev = parent; + ngx_stream_ssl_srv_conf_t *conf = child; ++ ngx_ssl_ppdialog_conf_t dlg; ngx_pool_cleanup_t *cln; -@@ -732,6 +745,8 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -846,6 +859,8 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL); @@ -674,11 +667,11 @@ index 1ba1825..ba70547 100644 conf->ssl.log = cf->log; -@@ -779,6 +794,23 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -879,6 +894,23 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) cln->handler = ngx_ssl_cleanup_ctx; cln->data = &conf->ssl; -+ /** directive format: ssl_pass_phrase_dialog buildin|exec:filepath */ ++ /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */ + if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)"exec:", 5) == 0){ + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "ssl_pass_phrase_dialog config directive SET: %s ", conf->pass_phrase_dialog.data); @@ -698,7 +691,7 @@ index 1ba1825..ba70547 100644 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, ngx_stream_ssl_servername); -@@ -823,7 +855,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -923,7 +955,7 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) /* configure certificates */ if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, @@ -707,7 +700,7 @@ index 1ba1825..ba70547 100644 != NGX_OK) { return NGX_CONF_ERROR; -@@ -1209,3 +1241,31 @@ ngx_stream_ssl_init(ngx_conf_t *cf) +@@ -1371,3 +1403,30 @@ ngx_stream_ssl_init(ngx_conf_t *cf) return NGX_OK; } @@ -715,7 +708,7 @@ index 1ba1825..ba70547 100644 +static char * +ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ -+ ngx_stream_ssl_conf_t *sscf = conf; ++ ngx_stream_ssl_srv_conf_t *sscf = conf; + ngx_str_t *value; + + if (sscf->pass_phrase_dialog.data){ @@ -738,17 +731,19 @@ index 1ba1825..ba70547 100644 + + return NGX_CONF_OK; +} -+ diff --git a/src/stream/ngx_stream_ssl_module.h b/src/stream/ngx_stream_ssl_module.h -index e7c825e..d80daa4 100644 +index 6f6d9ae..870640d 100644 --- a/src/stream/ngx_stream_ssl_module.h +++ b/src/stream/ngx_stream_ssl_module.h -@@ -56,6 +56,8 @@ typedef struct { +@@ -53,6 +53,8 @@ typedef struct { - u_char *file; - ngx_uint_t line; + ngx_flag_t session_tickets; + ngx_array_t *session_ticket_keys; + + ngx_str_t pass_phrase_dialog; - } ngx_stream_ssl_conf_t; + } ngx_stream_ssl_srv_conf_t; +-- +2.44.0 + diff --git a/404.html b/404.html deleted file mode 100644 index 71fa16c..0000000 --- a/404.html +++ /dev/null @@ -1,119 +0,0 @@ - - - - - The page is not found - - - - - -

nginx error!

- -
- -

The page you are looking for is not found.

- -
-

Website Administrator

-
-

Something has triggered missing webpage on your - website. This is the default 404 error page for - nginx that is distributed with - Fedora. It is located - /usr/share/nginx/html/404.html

- -

You should customize this error page for your own - site or edit the error_page directive in - the nginx configuration file - /etc/nginx/nginx.conf.

- -
-
- -
- [ Powered by nginx ] - - [ Powered by Fedora ] -
-
- - diff --git a/50x.html b/50x.html deleted file mode 100644 index c296c61..0000000 --- a/50x.html +++ /dev/null @@ -1,119 +0,0 @@ - - - - - The page is temporarily unavailable - - - - - -

nginx error!

- -
- -

The page you are looking for is temporarily unavailable. Please try again later.

- -
-

Website Administrator

-
-

Something has triggered an error on your - website. This is the default error page for - nginx that is distributed with - Fedora. It is located - /usr/share/nginx/html/50x.html

- -

You should customize this error page for your own - site or edit the error_page directive in - the nginx configuration file - /etc/nginx/nginx.conf.

- -
-
- -
- [ Powered by nginx ] - - [ Powered by Fedora ] -
-
- - diff --git a/arut.key b/arut.key new file mode 100644 index 0000000..55c192b --- /dev/null +++ b/arut.key @@ -0,0 +1,114 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGYXyiQBEAC4jm1y+ODV4+YDGj9vp2BgHB4FJeQdgrBiVX+Mb2qCrEqJgeKV +fVwKjkVYqnb76TTybdOKqCP5wdQrncKAKlXsMq6sdsiwPSrdRcjkeiE29WWrtbB4 +i+VObnoWklMblMxFQ1XQIkjs2wviidKjJw2VV3i4XnLSrHhWaWqviTLZCMQymoPs +F+Tfu1WX9OUfOquekZ5KjkyBxB4ep6+NPeuIkPnW0SiTUhU8tbi8v0aBZEHSZLqE +mq8KLROVuYSPvtU+NtaXAM09BHEVCfb409aDps9p6AFT+IN8yoOegGdEZjp6hJvS +HxbhuwqNEtg4dTEV515YUCgKabqU1QaqI/Y0+Pdkpep1KRFc9YUYttDkCw7Ybu2u +fwTGzwAbD+ThAIOdzmMDodzZaEMf+9fQG4bnO1PdNbXzyP7Kv9qzGa65+9oGCPOS +qTpISR8pvzoI8w/Z/vG71ob/nQ6Xm0L986ksErdGhu16ZI7lW2eDYqy2IoFfbeSz +HHxk484/pEibrlCRbP2Id+zULfxo1HGOGg+PAY9Q2uNzABsGDMnOhIvXHS+hP7oB +sO9A4Prqu6K6cMp3QI219tmmOUegJpmGGPzoNgxR7H30wNcjZPv4PWr/c0fP70Ny +ilgbdcEMDSHks30AmiuIvcUxo3A21p2nnpxsKAKYx42UJkyEK0HILMzcqwARAQAB +tCZSb21hbiBBcnV0eXVueWFuIDxyLmFydXR5dW55YW5AZjUuY29tPokCTgQTAQgA +OBYhBEM4eCXdsbuX7Da6XQB8jXwV2HNpBQJmF8pXAhsDBQsJCAcCBhUKCQgLAgQW +AgMBAh4BAheAAAoJEAB8jXwV2HNppvQP/AjzdPKkGRzJkb1ioto/IEP1YhA/Eayk +hvejJ0vyWVHXXH7FLW9fIZoApcsD1J8/7zIANm+62IfT3QNbL2R44IyhJB3AY22l +t0ToLxodfugegF3NPYYyFOSRUoPD4g2T/dMCPOBX4MNEAnAlCmxAMaJNmQUO76IY +GwELa3CH3Aqf7bthKy8P36G11hu7NgH6V9mVIRIpfnfpXFQIztj+vsWtswu4M5t7 +BNJwx4a2KTCVQpTdff5/0dO/5drQDxLbIg681WZk3Oe8Eu6nSc0Ud02NIkg1TQH/ +MryAp7o/ua3LRem+W/cktnT60p4uXPVZ3Rvg3zOmJSNJ+eIXY2+sDeZEPaROKldA +IbnBacTsZjdswIlrbzinY8ZVRosaFlvHg/ESTBRItALHWCRdzOR1Wv1qy/PQfEEL +qftDsCTQhssP1MHJWlejeqPlND3iT2vBDeOxqd6WhKuAc+L04iyBB6p867pwrgDF +ecg82DPehsAnO2XBAFuIE/SLewkYm0B9HK7/J4LZqPwTAksPf/dnbMAmHWoBDqsu +4U4U4SsJKsZ87R9ao8qO7IWCzHrXavHFmnbqweFfHToeKF/L4PB+tYoW3YmUOged +CglpJv13bNWmRwL7+x8b7BwpVwClxHBHteDX4RIN5iPH9h20J4jIpzRa1kNJsTu1 +v4ZkqLWJlkiiiQEzBBABCAAdFiEEcziXMGntP0Q/TTffpk/VsXrbOagFAmYdpjsA +CgkQpk/VsXrbOahISgf/U7ZO0yK0PsOcAFTB0TQBCNsAhxtJAEJoVoweuYiLk8jR +0OeDRCy0BC//qWDLFT7NKuP50SM2u0Csbg+n6b0bdy+vXbbGVzIAYzG09rPYe2Q5 +qwqyAx+MMzyICXul9lGNU2qN2qjUXMb0mCWUhxwMvzRUeS7shT1CBhGrnpoYkY56 +NhWj7iG1BbLwYVQzDZC/Rp6rvwJQgZo7+DjaMjryGAEI0ujpUp8ywrPaJpwIuXDI +D5BhcyUaEd3XOondHQNedlgERXHT4pN+oNMPWwN3+DeQYLS3FHiqyz05ZvoeWnao +A2/fWNA+BqIdjilp/TDDI4Ef7c9hp13weaZggYB3M4kBMwQQAQgAHRYhBFc7/Ws9 +j7xkEHmmq6v1vYJ72b9iBQJmHabkAAoJEKv1vYJ72b9iDgoIAP1QJjl4ynLAV9Bo +Ol4AAzxZ3x/2NEgLSnjLfhb/OduDxQlL9oPulWoLDG41xiZJkepEnQWmSsIYF6Xe +RsAB+eREU2uCxqCvBXpyIs5npXvVDV2/PQuVEop7HByx6Hjr9XK8hugihnEi1p+9 +Ecbu+89fi93m3C/5uIIil46cHByjRZ+5Yy1UFUB/wsYud1qMcYmvDaqEo5AqWNcM +gWUFhUfgGTtBbyvIWTeX0NHnrbzHP7lhmPfWsfOjAtO8PpM8Gz5RdNRq44DdRKdG +uWVby/kni868H+8/tHalDR0I9/Mmg2Uax0eggTVpECv/4+xBduqSB2iPwgRnSzhZ +6SVKJvKJAjMEEAEIAB0WIQT5TVS8DF1qZBfIzz/oLBEYr5TfbgUCZh5KVgAKCRDo +LBEYr5TfbitgD/wMamMFfFZnPS7JS1NWEMb5fbhHob1EkmedIpbpRDXUtj0ksehW +ZAEpmVF9btqS4B+B9tSK1VS2sy4XwEGodNVSGxdtF9W8+iAHAb6Hq1Z7ifWyb991 +Kt/pVk/8adxlU4G8h1fq0idhpnI8KvkAlPJR7+PoJOEN1+VdHS6tkE5LMTf6dF9F +iVxKQczOS1b/GmfL3kYfu6UvI07ZuaP+90mOt/TZTwkzsWjRY2vofCIPSDY94rLj +m6PmVFoU3PHLKW7yDz1YXkVE6SgQYGZ2bqB6OHJZnDXUTSHncHTbDVzZQekIs1lP +V6e5N8Xo/VOpv28feKAsBqQ8ML53djmGUL0azjEz1g2kgPmTuZdKzZ5kcUsULdQV +aRKcfyYD1oRpwwlw9GJAxliJHck1IdGGaCslrHtzkh3RMULlloAYitzD9jtKsrOj +R19s+JK/tIfFZZ5gR5qhzgOL8WgkSrIaq2o9R4sigBz1IxnXXC573RDA2F5FAeE/ +K6EmAO+BqVkImZcmP1JsLtr+OM+jihXIILACEJwhOKPtZth9zrLYkXWB1nCaDxHp +XEUpp6UPCQNgNX8NCghnJr5gis/SmYppgFlO9R9yZ7/LtP0tUX0CmhOeqGMnHt4R +F8n8D7EBwMWvWjlUbsDkMKX4JORgojguHJZciWQC1gVRwJ0iTH/ImtzDnbQhUm9t +YW4gQXJ1dHl1bnlhbiA8YXJ1dEBuZ2lueC5jb20+iQJOBBMBCAA4FiEEQzh4Jd2x +u5fsNrpdAHyNfBXYc2kFAmYXyiQCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA +CgkQAHyNfBXYc2kRFw//VFuCnW3EwoLCWWgWCikgI9kbVDr0/Qiyf2Gb9sfOyzBN +q/+ZGjTs7EqTHbYUiCTgjy8t0SNKizoCXjSWLToTAXhOeTY3wDuHkdc3C2OPMPgm +HPGmdnfplmsZjj689sy0MTnlLmU/87texR/f3REAKtchVjo5AojuZxXJi+ryBvoz +KXi82M1JaYlIr15T+OiRtfZ3cgfTkb5CRa0YRV7QQ1zhOiF0AFKVVikFwRuquphT +y2cSLILLzOpwG/CjMJzO4VOASmGJmdicIfYSsZSzz37RrcfeYwR6quJ55Y9QF9IU +fg5AHWufpXaf6FbMsW1U1mOq0tMvwvdcO+u5I5SBj6IkqO4zavmW/i5zkxaq96wF +Qn6+oRkqHnNNn0hl/B4MWdEjDJsaDXfkQ3Snn4Bfl1JPT6cH2NDVYQn1siIOim/W +G5lhGLNB1TOAVLHblQ2xILadK0T33y6lfRUV3BOW01BDoF0ndyd7LjG5Di/cjfSo +1hvhTkW7QJGfzVV4IAAxEyHKlmgONfggZoplqukuPsq7eNNRPhvlZq632QXIqt6Y +xE43Nk0O41rX/tWtB7eNcPvfNOc+sGljnCSwpRWyx9xO7plELVD9KdtcyHrIgora +Flh7KsSbppSQ/iUKRNP+lfCQsMa1yrnQyxazss8OGlB7YpUJL4trQW35f/jXFD+J +ATMEEAEIAB0WIQRzOJcwae0/RD9NN9+mT9Wxets5qAUCZh2mQQAKCRCmT9Wxets5 +qPBjB/0SDkET7h/Vw2PJKxuYujsL+tn3SKXshgyCM2u00njJM9TqpZbZV681unKM +l8uHtj9b0Z4U0nHoNEC37wI5FJlxy1hLBw5f2fd/yi8LsD1KP2htjMUW+I2xjcdo +FusQsIF0s8SyW1DZ3vvN2WcZpKHwub1sY9ZFBfxRc6w+33N4dJwXVXP57kj3Ci8j +LDLfkaKyiuYgMtFYZiKKX0tfvaM5pXxLvLOzma9vwfjIMIllooZHDSI65jrbmMv0 +rfDKOX9Ws5Xi8n85jq6Oyq28QPLZUsmymCbhvBwq4FcdiyTl9sxCY4HLq0MzmJJ5 +DMhlFd2Ds3BopFTWCB2fvYyVoXRaiQEzBBABCAAdFiEEVzv9az2PvGQQeaarq/W9 +gnvZv2IFAmYdpugACgkQq/W9gnvZv2Jk4Qf+N0P/7FIHowlO01XmBB5KaztBmVb2 +Tj+jtYgPDHRf86O0kW40Rjx++zMlIRNWK4Ue5PKAi82Yue5uvZcVlpWpx/sMvL+N +C4Xds3Q3qnkxkoemoIMqUKGvePjBpyUWArBkBQ3FrvZtywnzyFWNrvOpeM+5HIuz +WBri/SHBHzQm1/Jl2r5pHcbUdSxB2o1v3f+SaS2vGxwigIf8v44pRfyeWgkoxYgN ++2zR0Ing6URZCYkAbwILsmmWGxJIuq+N9Xs1CQ1WZd5S78p/JBMDQ1prUDLCLFMc +AvlZpQ0HvzEbKGiIVNa1LEQRF4ZWjQOHaPJhg/D3r/Q7VaFlgsOqrwtQaYkCMwQQ +AQgAHRYhBPlNVLwMXWpkF8jPP+gsERivlN9uBQJmHkpZAAoJEOgsERivlN9u8fYQ +AK0s0CvQNTXrg/Oe92Ajj+CpFIGhEUgXsufpg3OF+4doXOoRrVcv6y/0dGC+u899 +Qiz5rzP8JkgT3Bvs/oFbQnESX7zob/GuBiRAnaanQQGjQsc8tXUcIgIB8vZI6Hxr +BZYyjXMrc1fAp1zy6F3YfVtjntp6Zt740zlcFSHPL6pKeNC8lCas7f7EPGm9ERlf +XvPOsMyKVDRTrtYVrQ17pgmWzMFl9eYzAV81X/cK7O9BmTvLb9HB9THl9QM6iKWd +UPNNhMseMA55i1y1trvv2rQSP2tm7xAijlffNu/LHyVjOJA+63rk9JqpQi2O/sI6 +naCZ5kLky3+OisbzJLtsIv3KWGF4jnpZJwPI97UbRAxrBCPd8BDXW06qQ0xfF9GA +sW46IDnf5uNV5Fj9T1IhZUUCU6XwwhcTENwcaJ2hubPzW19gvxieRpxdvnXhjUxR +UgqgFjtlpyBSABYr2REiaBTHkR1qVMa8tThpSyzfmfBNe9chBGQBdDMzTTUDf4dU +cw4UGGPXqrBEapleoZBszXLrZxQxCNmLGFBW3vcJDfRRTvg/OMCIwD72kfd8KY1t +SRRi5vQ3CvV8E0EEXshjxVk0fwS+5muM1thWZM4xCSgyH6Ka/5biMeUv1VNcKJne +J51xs9jfS/JltrT/ahWG4J9msJFtmYyrLh/nMxccXK75uQINBGYXyiQBEAC5tT5O +uysy75BcwAg8jIK+Cw6hNy+riOoCIzsMen8ps4tyDFLmRdpJmVOpmtvESaix2MHf +Hc/t9hOsQ8LmF3kDG/JisDXcB/v28EOiDpp5Ug/5UOFBnbu4DkxbakJF8KF/rQ9t +i29lt03saGCf2XbqzTLI6FvZ2TT8hDwAZF5aOtDEHV3ChBPn6gplnJADiZ9DioMZ +ji1HnL8Zu4IYHMNOgpxULi6TMhBH/MkHbyycOdt/EsQFamnLGeV8KR2fubYjrpbH +pLZzSRepQyvKIhHAFj6DUeDyEt2XAitxI8YI40IVO75Zu8ZZq0qYGML8Am+t6ZjJ +3ZR8/DWjxRUYeo+YVEe5f+oRl5GRNkLtGvTAD38Nb2/7SUYdSXA3y3Ocfo/bySwa +qggeFpDqK5eHXmrO4hvRqYoEyNyW4VQlGyvYq4s2cLeCF/S2w6dV8OFsksIoq8uq +R1/IQ8Bonsf7iAYpsMAZZOGKiJzr01W3GA4Ka3B/MmZP5CysUhFlFxMsDr3/TWfg +p3CHd5yGAnuWWWkjqVQzx0tcub3gyDsHCPuws8P2OKJ2lzNPqpp08MjYMMRZb4Y6 +9REXkKw7kXU8zM5+1IpW2U+z83NU86QR08PTpjATz05ltdGqF82Z+Ygl2nav8oqV +RqNd/k+WE60e1eJmgykjmz6nPbm0S2jt1C7QLQARAQABiQI2BBgBCAAgFiEEQzh4 +Jd2xu5fsNrpdAHyNfBXYc2kFAmYXyiQCGwwACgkQAHyNfBXYc2mTihAAqB+sv9lw +kRorE6iXwvvj2Dt2iIy7jc1AhZQOH/j7B4GHpV3Ej/ptdUwuzj/aX5EnEeDPZ2JU +sSKy2q0RpKGKdKOvgy5yVfd8xqujkawXv26QU53mgyfgQCZLhFFhq0MIAqnxPb8h +SCQeol18Wqs++LjeDMwkgMrHJeNhW2U2llqTS37YfRMOo0Vr022ZHlMlkyMz1sQH ++C2/nzmmtkI4+vlPeccoN+3239YzndW1+XM8S3dXNcsGTyLAbkCowfpuqQdIP0MY +lBwx/Xj9fxBNAuqGVCjrjGMg7mozMkeCDzrAoZiaD3Kud8zSs9VpAyAymrPQJSSS +96b+vr2mDKbV11QJeJZv/d02n4JMjK7Ai//3j/TqkJF4UoYH45g5hvGSrym1UKrf +n8TqHdtTFjcxAMXLbWICHdDk7/0ole8Bl8csiSHyKy/sGJ0b/7zcB88CS8OfsR3C +OanK13emeD6rHOp8wEWA1/PA1JoAC5suS/uIgPWa5ujLaViJ9pW6ohfzMqOtLABF +BB/FgD/qgPF+uTPPLQZw3XO8Q61kFq6x0RJGNgBEOpseounx+T6FCxZqrvjWm/WK +VQUiRBtJIvD7Z8UCP+NUzdj3hwLAXpXrPz0gkcbI+hdlTJHCC6i61Qf5OIWnhtw6 +kZv2zEcTtzlAYNEumy8KrJzICmPLS7BEC8w= +=ilJ3 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/mdounin.key b/mdounin.key deleted file mode 100644 index bbf2ca1..0000000 --- a/mdounin.key +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (FreeBSD) - -mQENBE7SKu8BCADQo6x4ZQfAcPlJMLmL8zBEBUS6GyKMMMDtrTh3Yaq481HB54oR -0cpKL05Ff9upjrIzLD5TJUCzYYM9GQOhguDUP8+ZU9JpSz3yO2TvH7WBbUZ8FADf -hblmmUBLNgOWgLo3W+FYhl3mz1GFS2Fvid6Tfn02L8CBAj7jxbjL1Qj/OA/WmLLc -m6BMTqI7IBlYW2vyIOIHasISGiAwZfp0ucMeXXvTtt14LGa8qXVcFnJTdwbf03AS -ljhYrQnKnpl3VpDAoQt8C68YCwjaNJW59hKqWB+XeIJ9CW98+EOAxLAFszSyGanp -rCqPd0numj9TIddjcRkTA/ZbmCWK+xjpVBGXABEBAAG0IU1heGltIERvdW5pbiA8 -bWRvdW5pbkBtZG91bmluLnJ1PokBOAQTAQIAIgUCTtIq7wIbAwYLCQgHAwIGFQgC -CQoLBBYCAwECHgECF4AACgkQUgqZk6HAUvj+iwf/b4FS6zVzJ5T0v1vcQGD4ZzXe -D5xMC4BJW414wVMU15rfX7aCdtoCYBNiApPxEd7SwiyxWRhRA9bikUq87JEgmnyV -0iYbHZvCvc1jOkx4WR7E45t1Mi29KBoPaFXA9X5adZkYcOQLDxa2Z8m6LGXnlF6N -tJkxQ8APrjZsdrbDvo3HxU9muPcq49ydzhgwfLwpUs11LYkwB0An9WRPuv3jporZ -/XgI6RfPMZ5NIx+FRRCjn6DnfHboY9rNF6NzrOReJRBhXCi6I+KkHHEnMoyg8XET -9lVkfHTOl81aIZqrAloX3/00TkYWyM2zO9oYpOg6eUFCX/Lw4MJZsTcT5EKVxIhG -BBARAgAGBQJO01Y/AAoJEOzw6QssFyCDVyQAn3qwTZlcZgyyzWu9Cs8gJ0CXREaS -AJ92QjGLT9DijTcbB+q9OS/nl16Z/IhGBBARAgAGBQJO02JDAAoJEKk3YTmlJMU+ -P64AnjCKEXFelSVMtgefJk3+vpyt3QX1AKCH9M3MbTWPeDUL+MpULlfdyfvjj7kB -DQRO0irvAQgA0LjCc8S6oZzjiap2MjRNhRFA5BYjXZRZBdKF2VP74avt2/RELq8G -W0n7JWmKn6vvrXabEGLyfkCngAhTq9tJ/K7LPx/bmlO5+jboO/1inH2BTtLiHjAX -vicXZk3oaZt2Sotx5mMI3yzpFQRVqZXsi0LpUTPJEh3oS8IdYRjslQh1A7P5hfCZ -wtzwb/hKm8upODe/ITUMuXeWfLuQj/uEU6wMzmfMHb+jlYMWtb+v98aJa2FODeKP -mWCXLa7bliXp1SSeBOEfIgEAmjM6QGlDx5sZhr2Ss2xSPRdZ8DqD7oiRVzmstX1Y -oxEzC0yXfaefC7SgM0nMnaTvYEOYJ9CH3wARAQABiQEfBBgBAgAJBQJO0irvAhsM -AAoJEFIKmZOhwFL4844H/jo8icCcS6eOWvnen7lg0FcCo1fIm4wW3tEmkQdchSHE -CJDq7pgTloN65pwB5tBoT47cyYNZA9eTfJVgRc74q5cexKOYrMC3KuAqWbwqXhkV -s0nkWxnOIidTHSXvBZfDFA4Idwte94Thrzf8Pn8UESudTiqrWoCBXk2UyVsl03gJ -blSJAeJGYPPeo+Yj6m63OWe2+/S2VTgmbPS/RObn0Aeg7yuff0n5+ytEt2KL51gO -QE2uIxTCawHr12PsllPkbqPk/PagIttfEJqn9b0CrqPC3HREePb2aMJ/Ctw/76CO -wn0mtXeIXLCTvBmznXfaMKllsqbsy2nCJ2P2uJjOntw= -=Tavt ------END PGP PUBLIC KEY BLOCK----- diff --git a/nginx.conf b/nginx.conf index 8839c11..e9fa98d 100644 --- a/nginx.conf +++ b/nginx.conf @@ -42,21 +42,14 @@ http { # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; - - error_page 404 /404.html; - location = /404.html { - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - } } # Settings for a TLS enabled server. # # server { -# listen 443 ssl http2; -# listen [::]:443 ssl http2; +# listen 443 ssl; +# listen [::]:443 ssl; +# http2 on; # server_name _; # root /usr/share/nginx/html; # @@ -69,14 +62,6 @@ http { # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; -# -# error_page 404 /404.html; -# location = /404.html { -# } -# -# error_page 500 502 503 504 /50x.html; -# location = /50x.html { -# } # } } diff --git a/nginx.spec b/nginx.spec index c1e3c07..971d8c6 100644 --- a/nginx.spec +++ b/nginx.spec @@ -55,7 +55,7 @@ Name: nginx Epoch: 1 -Version: 1.24.0 +Version: 1.26.0 Release: %autorelease Summary: A high performance web server and reverse proxy server @@ -66,9 +66,10 @@ Source0: https://nginx.org/download/nginx-%{version}.tar.gz Source1: https://nginx.org/download/nginx-%{version}.tar.gz.asc # Keys are found here: https://nginx.org/en/pgp_keys.html Source2: https://nginx.org/keys/maxim.key -Source3: https://nginx.org/keys/mdounin.key -Source4: https://nginx.org/keys/sb.key -Source5: https://nginx.org/keys/thresh.key +Source3: https://nginx.org/keys/arut.key +Source4: https://nginx.org/keys/pluknet.key +Source5: https://nginx.org/keys/sb.key +Source6: https://nginx.org/keys/thresh.key Source10: nginx.service Source11: nginx.logrotate Source12: nginx.conf @@ -78,8 +79,6 @@ Source15: macros.nginxmods.in Source16: nginxmods.attr Source17: nginx-ssl-pass-dialog Source102: nginx-logo.png -Source103: 404.html -Source104: 50x.html Source200: README.dynamic Source210: UPGRADE-NOTES-1.6-to-1.10 @@ -93,7 +92,7 @@ Patch1: 0002-fix-PIDFile-handling.patch # downstream patch - Add ssl-pass-phrase-dialog helper script for # encrypted private keys with pass phrase decryption -Patch2: 0003-add-ssl-pass-phrase-dialog.patch +Patch2: 0003-Add-SSL-passphrase-dialog.patch BuildRequires: make BuildRequires: gcc @@ -253,7 +252,7 @@ Requires: zlib-devel %prep # Combine all keys from upstream into one file -cat %{S:2} %{S:3} %{S:4} %{S:5} > %{_builddir}/%{name}.gpg +cat %{S:2} %{S:3} %{S:4} %{S:5} %{S:6} > %{_builddir}/%{name}.gpg %{gpgverify} --keyring='%{_builddir}/%{name}.gpg' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} . @@ -329,6 +328,7 @@ if ! ./configure \ --with-http_stub_status_module \ --with-http_sub_module \ --with-http_v2_module \ + --with-http_v3_module \ --with-http_xslt_module=dynamic \ --with-mail=dynamic \ --with-mail_ssl_module \ @@ -408,9 +408,6 @@ ln -s ../../pixmaps/system-noindex-logo.png \ %{buildroot}%{_datadir}/nginx/html/system_noindex_logo.png %endif -install -p -m 0644 %{SOURCE103} %{SOURCE104} \ - %{buildroot}%{_datadir}/nginx/html - %if 0%{?with_mailcap_mimetypes} rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types %endif diff --git a/pluknet.key b/pluknet.key new file mode 100644 index 0000000..fd3f983 --- /dev/null +++ b/pluknet.key @@ -0,0 +1,65 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGKE4psBEADpHSM/IxFD1nXBmnODYXzcl2A+6b6m9m1m2Y4Dlr0ed+y5Lxne +QidE9I74A2KSm6+eHW2yh4i1ZwZbmwpmQqM+j5BMt7axoXOdKSyN+fYtUakzNbBN +EDRKT79q/zIzkgTJradHkCQkwF1W3go+qPXjR2ZEnLma9dZED9VNI6PmOpeYaASo +IkEfbKbwa/vPrvnDSSYY6Y02RXSRk5U1NvQgVUTJP9WGK7NlPUcTBDELLQv6fFPU +kjBOel6MecsQ+v8iq4RJF2cbVF0hNjbAiNldjLV74Xd7yWVRlCbdb2agyvQjMNrD +jHSvbEMiNB3R8yBHVW2Zldv8q0XjcwoDfdiZYFJe3lRUYmv6I2p+/DptD4r/3ILI +peGZtSeOdQEw+vvODL/Ehq03anTrzcpZ6sDLfLrYJhYcrltj0/LMUnLDAjciwRUq +XI46EfxwqsdLeqoZFQeO3LOFsh0kJKR2xOrUHIVy84NJ4Gmro6WmUkb1NfdjyHzF +z8Lfbo46NKoTcwFsFF0q74jVVIVNUyIS91DusiMqLCsP8jqDOz/kyP4bOJQ+aUXf +BANn4Ll1TFWsJ417moxz+Pi5sTaI0na8z2XB1N9WPsSml3FS75hJPJshN2T3VIea +zB7GFWqk33ynSDt+cAisG5nsK9fFdcH+t5wm59oobyFbFhKxwX6ROuxlZwARAQAB +tCRTZXJnZXkgS2FuZGF1cm92IDxwbHVrbmV0QG5naW54LmNvbT6JAk4EEwEKADgW +IQTWeGzjA9mpAimY3GzIRk1UmvdcCgUCYoTimwIbAwULCQgHAwUVCgkICwUWAwIB +AAIeAQIXgAAKCRDIRk1UmvdcCqbOD/9Htgk3mWvUFmrApkWQTIDNmLACZ1Sw1PXj +Uqte8StYB0bYY+nmAXs7O5eC2h1ViParl7En1joEEMQQmH0qSnw4X1CM/hA8TAYW +mBPITTNWo/R52WoyWeWGFnFNIperQmuIZc+pXm0VEFVPiX/2DXbCIu+jaXySvlCN +LekmOD4VC7dJS8/ohoaXOR2T8ufS+1CsyPXomEb+COhqRZ3EVBa+k7pnElkFft3Y +a1fR0AgatZFQpy+ukePhK7s/M5RGhDJWHgSAZFkf+X2jVV4NRJ+XsY80gU5DD2ZX +QT6Je6Knxqk7FnWNSxkhReH6Ss5flZSoGDCmJ2AsPtGeUhus2fGqeN+waGKTZC35 +die2V4/cro1SWswSI6Y5GFDZT1olIUztPmSXU/A3oyizJI7XZybwUbpk5kK83VXm +el3U/7Qr/VErlDWFefZWeUvT1RILZ8IRoNj4dv158RnKHt9G508A5qz4hUPKoSeq +SiXhYwfkc31WPzIJ4ev+X5Ka2sG/CKbEMJ7qwc0Kadiu+ePPfqqbXjpTWRyrbcRM +hRNcLNUi1SLWMBClOQG+5GNG1dPPHkbj4dO1OZuaUMwQdu8R8NlsGoVWS40bmVv5 +pXstzYCl7k/UnC/Ytlq61GeAoq8ILa6jGj0EWqlhvi0ZNMN+fROhzrRlTzIr/+WE +Xf8EiVNFSbQlU2VyZ2V5IEthbmRhdXJvdiA8cy5rYW5kYXVyb3ZAZjUuY29tPokC +TgQTAQoAOBYhBNZ4bOMD2akCKZjcbMhGTVSa91wKBQJihO2zAhsDBQsJCAcDBRUK +CQgLBRYDAgEAAh4BAheAAAoJEMhGTVSa91wKgLQQANaf4UMndkWoefDQPkJ5qR4K +fuV0WRz59riZEApTkVpPXzl8Y1i8Rgt9pa1v1i12vPyIXKav1rJXQcuDEzqrhQ2G +yvuAE2U/t2mYaMUmwxWO2d8JA3slvBSgOkiYpbLooDizAdKMT5UQWGyw31Wm51iz +HjoztebsyXeXgq9VDjv3D8LUBr/OY3Hguj6HV+zRtC95qgXYadW2FiCtvBK6RTDb +iShTuseLSheGh9dZIUSnzaOiJpDA61ZDYtFZxSpe67vEzhSfHVsF+ZdCjoWhhVv+ ++2wR4E0VQQtOM9uX1PMlZ5Ymr02/gidsXCM0ZjYXx4cDDhnq+nKomN64VloXWY9t +PIi86XmzcSWlGUd+Ac6LyW7/f64bUWs4Ih0Idl0PF0sAr/6axKUsIs1nbn5MEtXk +ZPAjcDLqLb9IIQaXRurm/il8v+bLXVBOJq33YUuGRuz8pu4vPA5Q97zglqhlIgbu +prHMJ9hl5q39JwS3As2rK0o6Q9VVKr29rqSEfk4wEttvk0QMMU5zEvVl8MtqPj42 +qURqpHOadFbYMTwhUmRBUszRZPa5/pWqq0gWOtpyCWFVAsHFWQGJM1Eo6gGEyHZM +YgBp+d29p2p409r1+06U67GBnXvUy0RyIpkLQtU+lyOJ6vvrBmmsDs/gc69GnlSC +tZmCt0pLesJ7ZJzGdDkduQINBGKE4psBEADQr/enuDeVT11v6ejuYrg7aaZaGFUe +3i28bQ4pRUKNfxs7zVYDDHi2i2bhS5j2yQnbsQtGcgoenw6lapmdQRzr4vjQAz9o +kT6l4qpqvFFQM0wZTnigVDmmO9vTHR8Uk3iCKTd2ax3oko/xPWWYJautJ6ex8cOA +coHSDeOjuIWSxCKq0BDFp6LoxkM8nuyLAX2cbhI3LncaZhVveMeN+Fmcsv+WpkKs +yhX92umZuGwlraSyFy23FiRWSZPu9qVIxMMHvVrQJIgfhyWaHFzoF4M4qDoSKx92 +uWfUWgFwPOxOJ6/YcPsX4T8qTl9htmwPN0BibPTlcWaIFXtiU5bE1MivUPeACrI/ +gwUfCR3Mg+GYc13C6jzepREUhI7PLi3+A203PlMZd/aaSZkP6j+h4cwdapH5P4uF +7T1EQ0MSdx3neAvu5p0IM6JpriwxfT3HsG+Y952T6MIeXcjNRebsBrygJhJ0/vyr +wV5t8jL0yQty4CiE/QFnBs42l+rngi7K7Y1AZRBGK7JA09XaoLrfLmS+PrbYPsaJ +flkM8GzUB7BBCLozxDHPzmPkf/A1w3XHZnYuZmS+pvjWCIoKpLQHI99oSUGho/TR +gMRO4v7EAzluqCiepMl0xwFfHB115ND/mATazc4Pt6FxUsqffzfZrN01e1UVPrp5 +4x6YLO80JnOY6QARAQABiQI2BBgBCgAgFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoF +AmKE4psCGwwACgkQyEZNVJr3XAp9ghAAgCgErxQYn/Lh/mzsxYXPnisggcBpceks +mGw7knj1EGkXqq9CHn3EjCw8dB5N857UFlUr++DHwpFL5O36PRQo33RIUFbmBypG +8C/xX1jWGu3xcaqS3P1ncsSSl6ckdvy9pjMxThm/RkXO0eJCn7FcanwPJXEB3Pbb +mm0wLI2OXl/m7l5QAr7kErnPvGNzcbX6G35Q/MY8mumBWQ9H53R5ZPpi+OS40Wfn +pZNKdh/Acwa7+2RokPqoOcJfxVdBOUigXTzb45qZgqEsSR7bkZAy2E80A/sJKPqs +OGjp9cog3rBYyNBn5dasfR9KeBtluKnjUbzutXsQoKUSECY00YGrtneSXMku5hoE +Dguk68w/L63ZApYHO/JTgJAYvqPOErAVUegPIw2CT1/2qi5vpClBcKkNS7RXrssA +X+lElE0zbzX3bNG+lQuXby7jNUFYltkEiz6vTtc4HuHy8u40DHMswzkoDr0T8IE0 +7ZRAWXwV1nlA/dI337cHCsWMJyqem5wZZO13iqe07qaCg1uvBPeqDo81hOCn1us7 +l5SYRUTlt7KSFEHZ+Sx4bmVneAuRi5okaQdmrepy/ss/vVpRwWuQxsPkvT8boS7s +mqOVsZFcNOuUJPUyOz1dHUL6FMYpk1dw+9n41gO4fLBzJekFTB/fxL6SRbYFWWn7 +x0VGHDmuaYQ= +=HmVo +-----END PGP PUBLIC KEY BLOCK----- diff --git a/sources b/sources index b2eee26..6cbbcc4 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (nginx-1.24.0.tar.gz) = 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3 -SHA512 (nginx-1.24.0.tar.gz.asc) = a6b6b0b8bd28338465737c54e058a95747330f68bd0b5d1113341eea6025e5092c0707c2fbc5d58eb18e6eedd321c797274f4e3174652ed13f40b9ccf7705436 +SHA512 (nginx-1.26.0.tar.gz) = 1f604a4a29f1b74eb56de7f1d8b0e5610fa055280b4ad2d3550c56926460de24da81b17485cffb358d8814061d4a9db1e0e5079af7921f1dc329e283e2775791 +SHA512 (nginx-1.26.0.tar.gz.asc) = c2ca6b81c8ffda64bc7efa21a48031fe2628756334cdf32f1cf5133635cb4d4744410769a593cbe766c9ada1af669b6304c3e645687ef9b9f87287204f274124