rpms/nginx
7
0
Fork 2
Code Issues Pull Requests Releases Activity

import UBI nginx-1.26.3-6.el10_2.3

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-05-19 19:34:25 -04:00
parent 19e32df27e
commit 28f9805350
9 changed files with 86 additions and 635 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
0006-Clarify-binding-behavior-of-t-option.patch Normal file
View File

@ -0,0 +1,37 @@
From dc847f7aedf0b4f8bbf9d7f9ba983541c6ca88c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Tue, 20 Jan 2026 19:27:05 +0100
Subject: [PATCH] Clarify binding behavior of -t option.
Configuration testing includes binding to configured listen addresses
when opening referenced files.
---
man/nginx.8 | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/man/nginx.8 b/man/nginx.8
index 10db3e6..64d9ae7 100644
--- a/man/nginx.8
+++ b/man/nginx.8
@@ -25,7 +25,7 @@
.\" SUCH DAMAGE.
.\"
.\"
-.Dd November 5, 2020
+.Dd January 21, 2026
.Dt NGINX 8
.Os
.Sh NAME
@@ -98,7 +98,8 @@ but additionally dump configuration files to standard output.
Do not run, just test the configuration file.
.Nm
checks the configuration file syntax and then tries to open files
-referenced in the configuration file.
+referenced in the configuration file, including binding to configured
+listen addresses.
.It Fl V
Print the
.Nm
--
2.44.0

0
0006-Upstream-detect-premature-plain-text-response-from-S.patch → 0007-Upstream-detect-premature-plain-text-response-from-S.patch
View File

0
0007-Dav-destination-length-validation-for-COPY-and-MOVE.patch → 0008-Dav-destination-length-validation-for-COPY-and-MOVE.patch
View File

0
0008-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch → 0009-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch
View File

0
0009-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch → 0010-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch
View File

0
0010-Mp4-avoid-zero-size-buffers-in-output.patch → 0011-Mp4-avoid-zero-size-buffers-in-output.patch
View File

2
0011-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch → 0012-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch
View File

@ -1,4 +1,4 @@
From 4a644be298b126c7fc13b720cefb88d75a4e6aa4 Mon Sep 17 00:00:00 2001
From d7c5b781bd24e0a1b955ee95d69e75b82f16ea0a Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Wed, 22 Apr 2026 09:39:31 +0400
Subject: [PATCH] Rewrite: fixed escaping and possible buffer overrun

679
nginx.spec
View File

@ -1,8 +1,3 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autochangelog
## END: Set by rpmautospec
%global _hardened_build 1
%global nginx_user nginx
@ -67,7 +62,7 @@
Name: nginx
Epoch: 2
Version: 1.26.3
Release: 2%{?dist}.2
Release: 6%{?dist}.3
Summary: A high performance web server and reverse proxy server
License: BSD-2-Clause
@ -91,6 +86,7 @@ Source16: nginxmods.attr
Source17: nginx-ssl-pass-dialog
Source18: nginx@.service
Source19: nginx.sysusers
Source20: nginx.tmpfiles
Source102: nginx-logo.png
Source200: README.dynamic
Source210: UPGRADE-NOTES-1.6-to-1.10
@ -114,30 +110,34 @@ Patch3: 0004-Disable-ENGINE-support.patch
# downstream patch - Compile perl module with O2
Patch4: 0005-Compile-perl-module-with-O2.patch
# https://issues.redhat.com/browse/RHEL-113229
# upstream patch - https://github.com/nginx/nginx/pull/1089
Patch5: 0006-Clarify-binding-behavior-of-t-option.patch
# https://issues.redhat.com/browse/RHEL-146516
# upstream patch - https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e
Patch5: 0006-Upstream-detect-premature-plain-text-response-from-S.patch
Patch6: 0007-Upstream-detect-premature-plain-text-response-from-S.patch
# https://redhat.atlassian.net/browse/RHEL-159546
# https://redhat.atlassian.net/browse/RHEL-159547
# upstream patch - https://github.com/nginx/nginx/commit/a1d18284e0a17
# whitespace were removed from the patch
Patch6: 0007-Dav-destination-length-validation-for-COPY-and-MOVE.patch
Patch7: 0008-Dav-destination-length-validation-for-COPY-and-MOVE.patch
# https://redhat.atlassian.net/browse/RHEL-159525
# https://redhat.atlassian.net/browse/RHEL-159526
# upstream patch - https://github.com/nginx/nginx/commit/3568812cf98df
Patch7: 0008-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch
Patch8: 0009-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch
# https://redhat.atlassian.net/browse/RHEL-159433
# https://redhat.atlassian.net/browse/RHEL-159434
# upstream patch - https://github.com/nginx/nginx/commit/9bc13718fe8a59a45
Patch8: 0009-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch
Patch9: 0010-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch
# https://redhat.atlassian.net/browse/RHEL-157874
# https://redhat.atlassian.net/browse/RHEL-157875
# upstream patch - https://github.com/nginx/nginx/commit/7725c372c2f
Patch9: 0010-Mp4-avoid-zero-size-buffers-in-output.patch
Patch10: 0011-Mp4-avoid-zero-size-buffers-in-output.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2026-42945
# upstream patch - https://github.com/nginx/nginx/commit/524977e7
Patch10: 0011-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch
Patch11: 0012-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch
BuildRequires: make
BuildRequires: gcc
@ -440,6 +440,7 @@ install -p -m 0644 ./nginx.conf \
%{buildroot}%{_sysconfdir}/nginx
rm -f %{buildroot}%{_datadir}/nginx/html/index.html
rm -f %{buildroot}%{_datadir}/nginx/html/50x.html
%if 0%{?el7}
ln -s ../../doc/HTML/index.html \
%{buildroot}%{_datadir}/nginx/html/index.html
@ -517,6 +518,10 @@ install -m755 $RPM_SOURCE_DIR/nginx-ssl-pass-dialog \
# install sysusers file
install -p -D -m 0644 %{SOURCE19} %{buildroot}%{_sysusersdir}/nginx.conf
# tmpfiles.d configuration
mkdir -p %{buildroot}%{_tmpfilesdir}
install -m 644 -p %{SOURCE20} %{buildroot}%{_tmpfilesdir}/nginx.conf
%pre filesystem
%sysusers_create_compat %{SOURCE19}
@ -606,6 +611,7 @@ fi
%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx
%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp
%attr(711,root,root) %dir %{_localstatedir}/log/nginx
%{_tmpfilesdir}/nginx.conf
%ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/access.log
%ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/error.log
%dir %{nginx_moduledir}
@ -659,33 +665,35 @@ fi
%changelog
## START: Generated by rpmautospec
* Thu May 14 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-8
- Fix release number
* Thu May 14 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-6.3
- Resolves: RHEL-176231 - nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)
* Thu May 14 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-7
- Resolves: RHEL-176217 - nginx: NGINX: Arbitrary Code
* Fri Mar 27 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-6.2
- rebuild for the right candidate tag
* Tue Mar 31 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-6
- Resolves: RHEL-157874 CVE-2026-32647 nginx: NGINX: Denial of Service or
Code Execution via specially crafted MP4 files
* Thu Mar 26 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-6.1
- RHEL-159547 CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- RHEL-159526 CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- RHEL-159434 CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- RHEL-157875 CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
* Tue Mar 31 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-5
- Resolves: RHEL-159433 CVE-2026-27651 nginx: NGINX: Denial of Service via
undisclosed requests when ngx_mail_auth_http_module is enabled
* Tue Mar 31 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-4
- Resolves: RHEL-159525 CVE-2026-27784 nginx: NGINX: Denial of Service due
to memory corruption via crafted MP4 file
* Tue Mar 31 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:1.26.3-3
- Resolves: RHEL-159546 CVE-2026-27654 nginx: NGINX: Denial of Service or
file modification via buffer overflow in ngx_http_dav_module
* Wed Feb 11 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-2
* Wed Feb 11 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-6
- CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack
on TLS proxied connections
* Thu Jan 29 2026 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-5
- Clarify binding behavior of -t option.
* Thu Nov 20 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-4
- Remove 50x.html from the nginx package
* Thu Oct 23 2025 Branislav Náter <bnater@redhat.com> - 2:1.26.3-3
- Run tests in centos-stream namespace
* Tue Sep 16 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-2
- Add tmpfiles.d rules for /var directories (bootc compatibility)
* Thu Feb 06 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.26.3-1
- New version 1.26.3
@ -742,600 +750,3 @@ fi
- refresh patches
- update default config http2 directive
- remove outdated custom error pages, reducing maintenance burden
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.24.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.24.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Sep 09 2023 Felix Kaechele <felix@kaechele.ca> - 1:1.24.0-6
- Use SPDX license identifier in License tag
* Mon Aug 07 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.24.0-5
- Related: #2224582 - Running nginx with systemctl and entering ssl private
key's pass phrase
* Fri Jul 21 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.24.0-4
- Resolves: #2224582 - Running nginx with systemctl and entering ssl
private key's pass phrase
- added new ssl_pass_phrase_dialog directive which enables setting external
program for entering password for encrypted private key
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.24.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.24.0-2
- Perl 5.38 rebuild
* Tue Apr 11 2023 Felix Kaechele <felix@kaechele.ca> - 1:1.24.0-1
- update to 1.24.0
- update maxim.key (same key, new expiry date)
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.22.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Oct 19 2022 Felix Kaechele <felix@kaechele.ca> - 1:1.22.1-1
- update 1.22.1
- build against OpenSSL 3 on EL8
- enable kTLS support
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.22.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 27 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.0-3
- Fix nginx downgrade issue after introducing core sub-package
* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.22.0-2
- Perl 5.36 rebuild
* Wed May 25 2022 Felix Kaechele <heffer@fedoraproject.org> - 1:1.22.0-1
- update to 1.22.0
- switch to pcre2
- drop CVE-2021-3618 patch, it's upstreamed
- add signing key of Konstantin Pavlov
- add stream_geoip_module and stream_realip_module
* Thu Mar 24 2022 Honza Horak <hhorak@redhat.com> - 1:1.20.2-4
- Introduce core sub-package for having a daemon only with a minimal footprint
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.20.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Dec 17 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.2-1
- update to 1.20.2
* Mon Oct 18 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-9
- fix installation of nginxmods.attr for EPEL 7
* Mon Oct 18 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-8
- Fix "file size changed while zipping" when rotating logs (rhbz#1980948,2015249,2015243)
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1:1.20.1-7
- Rebuilt with OpenSSL 3.0.0
* Tue Aug 10 2021 Neal Gompa <ngompa@datto.com> - 1:1.20.1-6
- Add -mod-devel subpackage for building external nginx modules (rhbz#1989778)
* Mon Aug 09 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-5
- Add symlink used by system-logos-httpd
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.20.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 25 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-3
- fix for CVE-2021-3618 (rhbz#1975651)
* Tue Jun 01 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-2
- use different fix for rhbz#1683388 as it introduced permissions issues in 1:1.20.0-2
* Tue May 25 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-1
- update to 1.20.1 (fixes CVE-2021-23017)
* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.20.0-4
- Perl 5.34 rebuild
* Fri Apr 30 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.20.0-3
- Related: #1636235 - centralizing default index.html on nginx
* Wed Apr 21 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.0-2
- sync rawhide and EPEL7 spec files again
- systemd service reload now checks config file (rhbz#1565377)
- drop nginx requirement on nginx-all-modules (rhbz#1708799)
- let nginx handle log creation on logrotate (rhbz#1683388)
- have log directory owned by root (rhbz#1390183, CVE-2016-1247)
- remove obsolete --with-ipv6 (src PR#8)
- correction: pcre2 is actually not supported by nginx, reintroduce pcre
* Wed Apr 21 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.0-1
- update to 1.20.0
- sync with mainline spec file
- order configure options alphabetically for easier comparinggit
- add --with-compat option (rhbz#1834452)
- add patch to fix PIDFile race condition (rhbz#1869026)
- use pcre2 instead of pcre (rhbz#1938984)
- add Wants=network-online.target to systemd unit (rhbz#1943779)
* Mon Feb 22 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-5
- Resolves: #1931402 - drop gperftools module
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.18.0-2
- Perl 5.32 rebuild
* Fri Apr 24 2020 Felix Kaechele <heffer@fedoraproject.org> - 1:1.18.0-1
- Update to 1.18.0
- Increased types_hash_max_size to 4096 in default config
- Add gpg source verification
- Add Recommends: logrotate
- Drop location / from default config (rhbz#1564768)
- Drop default_sever from default config (rhbz#1373822)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.16.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Sep 15 2019 Warren Togami <warren@blockstream.com>
- add conditionals for EPEL7, see rhbz#1750857
* Tue Aug 13 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.1-1
- Update to upstream release 1.16.1
- Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.16.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.16.0-4
- Perl 5.30 rebuild
* Tue May 14 2019 Stephen Gallagher <sgallagh@redhat.com> - 1.16.0-3
- Move to common default index.html
- Resolves: rhbz#1636235
* Tue May 07 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.0-2
- Add missing directory for vim plugin
* Fri Apr 26 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.0-1
- Update to upstream release 1.16.0
* Mon Mar 04 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.15.9-1
- Update to upstream release 1.15.9
- Enable ngx_stream_ssl_preread module
- Remove redundant conditionals
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.14.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:1.14.1-4
- Rebuilt for libcrypt.so.2 (#1666033)
* Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 1:1.14.1-3
- fix unexpanded paths in nginx(8)
* Tue Nov 20 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.1-2
- new version 1.14.1
- Resolves: #1584426 - Upstream Nginx 1.14.0 is now available
- Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory
disclosure via mp4 module
- Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption
via flaw in HTTP/2 implementation
- Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw
in HTTP/2 implementation
* Mon Aug 06 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-14
- add requires on perl(constant) for mod-http-perl
* Mon Jul 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-13
- don't build with geoip by default
* Thu Jul 19 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-12
- add build conditional for geoip support
* Mon Jul 16 2018 Tadej Janež <tadej.j@nez.si> - 1:1.12.1-11
- Add gcc to BuildRequires to account for
https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.12.1-9
- Perl 5.28 rebuild
* Mon May 14 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-8
- Related: #1573942 - nginx fails on start
* Wed May 02 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-7
- Resolves: #1573942 - nginx fails on start
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 24 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-5
- Add patch to apply glibc bugfix if really needed only
- Disable strict symbol checks in the link editor
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-4
- Rebuilt for switch to libxcrypt
* Tue Oct 24 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-3
- rebuild
* Tue Sep 19 2017 Remi Collet <remi@fedoraproject.org> - 1:1.12.1-2
- own system drop-in directories #1493036
* Tue Aug 15 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-1
- update to 1.12.1 (#1469924)
- enable http_auth_request_module (Tim Niemueller, #1471106)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.12.0-2
- Perl 5.26 rebuild
* Tue May 30 2017 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.0-1
- new version 1.12.0
* Wed Feb 8 2017 Joe Orton <jorton@redhat.com> - 1:1.10.3-1
- update to upstream release 1.10.3
* Mon Oct 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.2-1
- update to upstream release 1.10.2
* Tue May 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.1-1
- update to upstream release 1.10.1
* Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.10.0-4
- Perl 5.24 rebuild
* Sun May 8 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1:1.10.0-3
- Enable AIO on aarch64 (rhbz 1258414)
* Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-2
- only Require nginx-all-modules for EPEL and current Fedora releases
* Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-1
- update to upstream release 1.10.0
- split dynamic modules into subpackages
- spec file cleanup
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Jan 26 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.1-1
- update to upstream release 1.8.1
- CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
- CVE-2016-0746: Use-after-free during CNAME response processing in resolver
- CVE-2016-0742: Invalid pointer dereference in resolver
* Sun Oct 04 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-14
- consistently use '%%global with_foo' style of logic
- remove PID file before starting nginx (#1268621)
* Fri Sep 25 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:1.8.0-13
- Use nginx-mimetypes from mailcap (#1248736)
- Mark LICENSE as %%license
* Thu Sep 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-12
- also build with gperftools on aarch64 (#1258412)
* Wed Aug 12 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1:1.8.0-11
- nginx.conf: added commented-out SSL configuration directives (#1179232)
* Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-10
- switch back to /bin/kill in logrotate script due to SELinux denials
* Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-9
- fix path to png in error pages (#1232277)
- optimize png images with optipng
* Sun Jun 14 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-8
- replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543)
- remove After=syslog.target in nginx.service (#1231543)
- replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543)
* Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.8.0-7
- Perl 5.22 rebuild
* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-6
- revert previous change
* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-5
- move default server to default.conf (#1220094)
* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-4
- add TimeoutStopSec=5 and KillMode=mixed to nginx.service
- set worker_processes to auto
- add some common options to the http block in nginx.conf
- run nginx-upgrade on package update
- remove some redundant scriptlet commands
- listen on ipv6 for default server (#1217081)
* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-3
- improve nginx-upgrade script
* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-2
- add --with-pcre-jit
* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-1
- update to upstream release 1.8.0
* Thu Apr 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.12-1
- update to upstream release 1.7.12
* Sun Feb 15 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.10-1
- update to upstream release 1.7.10
- remove systemd conditionals
* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-4
- fix package ownership of directories
* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-3
- add vim files (#1142849)
* Mon Sep 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-2
- create nginx-filesystem subpackage (patch from Remi Collet)
- create /etc/nginx/default.d as a drop-in directory for configuration files
for the default server block
- clean up nginx.conf
* Wed Sep 17 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-1
- update to upstream release 1.6.2
- CVE-2014-3616 nginx: virtual host confusion (#1142573)
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.6.1-4
- Perl 5.20 rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-2
- add logic for EPEL 7
* Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-1
- update to upstream release 1.6.1
- (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw
* Wed Jul 02 2014 Yaakov Selkowitz <yselkowi@redhat.com> - 1:1.6.0-3
- Fix FTBFS on aarch64 (#1115559)
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Apr 26 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.0-1
- update to upstream release 1.6.0
* Tue Mar 18 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.7-1
- update to upstream release 1.4.7
* Wed Mar 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.6-1
- update to upstream release 1.4.6
* Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-2
- avoid multiple index directives (#1065488)
* Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-1
- update to upstream release 1.4.5
* Wed Nov 20 2013 Peter Borsa <peter.borsa@gmail.com> - 1:1.4.4-1
- Update to upstream release 1.4.4
- Security fix BZ 1032267
* Sun Nov 03 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.3-1
- update to upstream release 1.4.3
* Fri Aug 09 2013 Jonathan Steffan <jsteffan@fedoraproject.org> - 1:1.4.2-3
- Add in conditionals to build for non-systemd targets
* Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.2-2
- Perl 5.18 rebuild
* Fri Jul 19 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.2-1
- update to upstream release 1.4.2
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.1-3
- Perl 5.18 rebuild
* Tue Jun 11 2013 Remi Collet <rcollet@redhat.com> - 1:1.4.1-2
- rebuild for new GD 2.1.0
* Tue May 07 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.1-1
- update to upstream release 1.4.1 (#960605, #960606):
CVE-2013-2028 stack-based buffer overflow when handling certain chunked
transfer encoding requests
* Sun Apr 28 2013 Dan Horák <dan[at]danny.cz> - 1:1.4.0-2
- gperftools exist only on selected arches
* Fri Apr 26 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.0-1
- update to upstream release 1.4.0
- enable SPDY module (new in this version)
- enable http gunzip module (new in this version)
- enable google perftools module and add gperftools-devel to BR
- enable debugging (#956845)
- trim changelog
* Tue Apr 02 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-1
- update to upstream release 1.2.8
* Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-2
- make sure nginx directories are not world readable (#913724, #913735)
* Sat Feb 16 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-1
- update to upstream release 1.2.7
- add .asc file
* Tue Feb 05 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-6
- use 'kill' instead of 'systemctl' when rotating log files to workaround
SELinux issue (#889151)
* Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-5
- uncomment "include /etc/nginx/conf.d/*.conf by default but leave the
conf.d directory empty (#903065)
* Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-4
- add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf"
(#903065)
* Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-3
- use correct file ownership when rotating log files
* Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-2
- send correct kill signal and use correct file permissions when rotating
log files (#888225)
- send correct kill signal in nginx-upgrade
* Tue Dec 11 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-1
- update to upstream release 1.2.6
* Sat Nov 17 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.5-1
- update to upstream release 1.2.5
* Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.4-1
- update to upstream release 1.2.4
- introduce new systemd-rpm macros (#850228)
- link to official documentation not the community wiki (#870733)
- do not run systemctl try-restart after package upgrade to allow the
administrator to run nginx-upgrade and avoid downtime
- add nginx man page (#870738)
- add nginx-upgrade man page and remove README.fedora
- remove chkconfig from Requires(post/preun)
- remove initscripts from Requires(preun/postun)
- remove separate configuration files in "/etc/nginx/conf.d" directory
and revert to upstream default of a centralized nginx.conf file
(#803635) (#842738)
* Fri Sep 21 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.3-1
- update to upstream release 1.2.3
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.1-2
- Perl 5.16 rebuild
* Sun Jun 10 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.1-1
- update to upstream release 1.2.1
* Fri Jun 08 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.0-2
- Perl 5.16 rebuild
* Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.0-1
- update to upstream release 1.2.0
* Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-4
- add nginx-upgrade to replace functionality from the nginx initscript
that was lost after migration to systemd
- add README.fedora to describe usage of nginx-upgrade
- nginx.logrotate: use built-in systemd kill command in postrotate script
- nginx.service: start after syslog.target and network.target
- nginx.service: remove unnecessary references to config file location
- nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following
advice from nginx-devel
- nginx.service: use private /tmp
* Mon May 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-3
- fix incorrect postrotate script in nginx.logrotate
* Thu Apr 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-2
- renable auto-cc-gcc patch due to warnings on rawhide
* Sat Apr 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-1
- update to upstream release 1.0.15
- no need to apply auto-cc-gcc patch
- add %%global _hardened_build 1
* Thu Mar 15 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.14-1
- update to upstream release 1.0.14
- amend some %%changelog formatting
* Tue Mar 06 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.13-1
- update to upstream release 1.0.13
- amend --pid-path and --log-path
* Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-5
- change pid path in nginx.conf to match systemd service file
* Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-3
- fix %%pre scriptlet
* Mon Feb 20 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-2
- update upstream URL
- replace %%define with %%global
- remove obsolete BuildRoot tag, %%clean section and %%defattr
- remove various unnecessary commands
- add systemd service file and update scriptlets
- add Epoch to accommodate %%triggerun as part of systemd migration
* Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.12-1
- Update to 1.0.12
* Thu Nov 17 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.10-1
- Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes.
- Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4.
- Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora.
* Thu Oct 27 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.8-1
- Update to new 1.0.8 stable release
* Fri Aug 26 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.5-1
- Update nginx to Latest Stable Release
* Fri Jun 17 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-3
- Perl mass rebuild
* Thu Jun 09 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-2
- Perl 5.14 mass rebuild
* Wed Apr 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.0-1
- Update to 1.0.0
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.53-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53.5
- Extract out default config into its own file (bug #635776)
* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-4
- Revert ownership of log dir
* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-3
- Change ownership of /var/log/nginx to be 0700 nginx:nginx
- update init script to use killproc -p
- add reopen_logs command to init script
- update init script to use nginx -q option
* Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-2
- Fix linking of perl module
* Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-1
- Update to new stable 0.8.53
* Sat Jul 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-2
- add Provides: webserver (bug #619693)
* Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-1
- Update to new stable 0.7.67
- fix bugzilla #591543
* Tue Jun 01 2010 Marcela Maslanova <mmaslano@redhat.com> - 0.7.65-2
- Mass rebuild with perl-5.12.0
* Mon Feb 15 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.65-1
- Update to new stable 0.7.65
- change ownership of logdir to root:root
- add support for ipv6 (bug #561248)
- add random_index_module
- add secure_link_module
* Fri Dec 04 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1
- Update to new stable 0.7.64
## END: Generated by rpmautospec

3
nginx.tmpfiles Normal file
View File

@ -0,0 +1,3 @@
d /var/lib/nginx 770 nginx root -
d /var/lib/nginx/tmp 770 nginx root -
d /var/log/nginx 711 root root -