From 28f9805350513bcbe76fc51fd6012055aabf66bd Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Tue, 19 May 2026 19:34:25 -0400 Subject: [PATCH] import UBI nginx-1.26.3-6.el10_2.3 --- ...Clarify-binding-behavior-of-t-option.patch | 37 + ...premature-plain-text-response-from-S.patch | 0 ...-length-validation-for-COPY-and-MOVE.patch | 0 ...le-integer-overflow-on-32-bit-platfo.patch | 0 ...aring-s-passwd-in-auth-http-requests.patch | 0 ...p4-avoid-zero-size-buffers-in-output.patch | 0 ...escaping-and-possible-buffer-overrun.patch | 2 +- nginx.spec | 679 ++---------------- nginx.tmpfiles | 3 + 9 files changed, 86 insertions(+), 635 deletions(-) create mode 100644 0006-Clarify-binding-behavior-of-t-option.patch rename 0006-Upstream-detect-premature-plain-text-response-from-S.patch => 0007-Upstream-detect-premature-plain-text-response-from-S.patch (100%) rename 0007-Dav-destination-length-validation-for-COPY-and-MOVE.patch => 0008-Dav-destination-length-validation-for-COPY-and-MOVE.patch (100%) rename 0008-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch => 0009-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch (100%) rename 0009-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch => 0010-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch (100%) rename 0010-Mp4-avoid-zero-size-buffers-in-output.patch => 0011-Mp4-avoid-zero-size-buffers-in-output.patch (100%) rename 0011-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch => 0012-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch (95%) create mode 100644 nginx.tmpfiles diff --git a/0006-Clarify-binding-behavior-of-t-option.patch b/0006-Clarify-binding-behavior-of-t-option.patch new file mode 100644 index 0000000..dee159f --- /dev/null +++ b/0006-Clarify-binding-behavior-of-t-option.patch @@ -0,0 +1,37 @@ +From dc847f7aedf0b4f8bbf9d7f9ba983541c6ca88c9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= +Date: Tue, 20 Jan 2026 19:27:05 +0100 +Subject: [PATCH] Clarify binding behavior of -t option. + +Configuration testing includes binding to configured listen addresses +when opening referenced files. +--- + man/nginx.8 | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/man/nginx.8 b/man/nginx.8 +index 10db3e6..64d9ae7 100644 +--- a/man/nginx.8 ++++ b/man/nginx.8 +@@ -25,7 +25,7 @@ + .\" SUCH DAMAGE. + .\" + .\" +-.Dd November 5, 2020 ++.Dd January 21, 2026 + .Dt NGINX 8 + .Os + .Sh NAME +@@ -98,7 +98,8 @@ but additionally dump configuration files to standard output. + Do not run, just test the configuration file. + .Nm + checks the configuration file syntax and then tries to open files +-referenced in the configuration file. ++referenced in the configuration file, including binding to configured ++listen addresses. + .It Fl V + Print the + .Nm +-- +2.44.0 + diff --git a/0006-Upstream-detect-premature-plain-text-response-from-S.patch b/0007-Upstream-detect-premature-plain-text-response-from-S.patch similarity index 100% rename from 0006-Upstream-detect-premature-plain-text-response-from-S.patch rename to 0007-Upstream-detect-premature-plain-text-response-from-S.patch diff --git a/0007-Dav-destination-length-validation-for-COPY-and-MOVE.patch b/0008-Dav-destination-length-validation-for-COPY-and-MOVE.patch similarity index 100% rename from 0007-Dav-destination-length-validation-for-COPY-and-MOVE.patch rename to 0008-Dav-destination-length-validation-for-COPY-and-MOVE.patch diff --git a/0008-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch b/0009-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch similarity index 100% rename from 0008-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch rename to 0009-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch diff --git a/0009-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch b/0010-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch similarity index 100% rename from 0009-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch rename to 0010-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch diff --git a/0010-Mp4-avoid-zero-size-buffers-in-output.patch b/0011-Mp4-avoid-zero-size-buffers-in-output.patch similarity index 100% rename from 0010-Mp4-avoid-zero-size-buffers-in-output.patch rename to 0011-Mp4-avoid-zero-size-buffers-in-output.patch diff --git a/0011-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch b/0012-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch similarity index 95% rename from 0011-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch rename to 0012-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch index 1ef2921..ec4d881 100644 --- a/0011-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch +++ b/0012-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch @@ -1,4 +1,4 @@ -From 4a644be298b126c7fc13b720cefb88d75a4e6aa4 Mon Sep 17 00:00:00 2001 +From d7c5b781bd24e0a1b955ee95d69e75b82f16ea0a Mon Sep 17 00:00:00 2001 From: Roman Arutyunyan Date: Wed, 22 Apr 2026 09:39:31 +0400 Subject: [PATCH] Rewrite: fixed escaping and possible buffer overrun diff --git a/nginx.spec b/nginx.spec index 269a048..e2db4c1 100644 --- a/nginx.spec +++ b/nginx.spec @@ -1,8 +1,3 @@ -## START: Set by rpmautospec -## (rpmautospec version 0.6.5) -## RPMAUTOSPEC: autochangelog -## END: Set by rpmautospec - %global _hardened_build 1 %global nginx_user nginx @@ -67,7 +62,7 @@ Name: nginx Epoch: 2 Version: 1.26.3 -Release: 2%{?dist}.2 +Release: 6%{?dist}.3 Summary: A high performance web server and reverse proxy server License: BSD-2-Clause @@ -91,6 +86,7 @@ Source16: nginxmods.attr Source17: nginx-ssl-pass-dialog Source18: nginx@.service Source19: nginx.sysusers +Source20: nginx.tmpfiles Source102: nginx-logo.png Source200: README.dynamic Source210: UPGRADE-NOTES-1.6-to-1.10 @@ -114,30 +110,34 @@ Patch3: 0004-Disable-ENGINE-support.patch # downstream patch - Compile perl module with O2 Patch4: 0005-Compile-perl-module-with-O2.patch +# https://issues.redhat.com/browse/RHEL-113229 +# upstream patch - https://github.com/nginx/nginx/pull/1089 +Patch5: 0006-Clarify-binding-behavior-of-t-option.patch + # https://issues.redhat.com/browse/RHEL-146516 # upstream patch - https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e -Patch5: 0006-Upstream-detect-premature-plain-text-response-from-S.patch +Patch6: 0007-Upstream-detect-premature-plain-text-response-from-S.patch -# https://redhat.atlassian.net/browse/RHEL-159546 +# https://redhat.atlassian.net/browse/RHEL-159547 # upstream patch - https://github.com/nginx/nginx/commit/a1d18284e0a17 # whitespace were removed from the patch -Patch6: 0007-Dav-destination-length-validation-for-COPY-and-MOVE.patch +Patch7: 0008-Dav-destination-length-validation-for-COPY-and-MOVE.patch -# https://redhat.atlassian.net/browse/RHEL-159525 +# https://redhat.atlassian.net/browse/RHEL-159526 # upstream patch - https://github.com/nginx/nginx/commit/3568812cf98df -Patch7: 0008-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch +Patch8: 0009-Mp4-fixed-possible-integer-overflow-on-32-bit-platfo.patch -# https://redhat.atlassian.net/browse/RHEL-159433 +# https://redhat.atlassian.net/browse/RHEL-159434 # upstream patch - https://github.com/nginx/nginx/commit/9bc13718fe8a59a45 -Patch8: 0009-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch +Patch9: 0010-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch -# https://redhat.atlassian.net/browse/RHEL-157874 +# https://redhat.atlassian.net/browse/RHEL-157875 # upstream patch - https://github.com/nginx/nginx/commit/7725c372c2f -Patch9: 0010-Mp4-avoid-zero-size-buffers-in-output.patch +Patch10: 0011-Mp4-avoid-zero-size-buffers-in-output.patch # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2026-42945 # upstream patch - https://github.com/nginx/nginx/commit/524977e7 -Patch10: 0011-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch +Patch11: 0012-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch BuildRequires: make BuildRequires: gcc @@ -440,6 +440,7 @@ install -p -m 0644 ./nginx.conf \ %{buildroot}%{_sysconfdir}/nginx rm -f %{buildroot}%{_datadir}/nginx/html/index.html +rm -f %{buildroot}%{_datadir}/nginx/html/50x.html %if 0%{?el7} ln -s ../../doc/HTML/index.html \ %{buildroot}%{_datadir}/nginx/html/index.html @@ -517,6 +518,10 @@ install -m755 $RPM_SOURCE_DIR/nginx-ssl-pass-dialog \ # install sysusers file install -p -D -m 0644 %{SOURCE19} %{buildroot}%{_sysusersdir}/nginx.conf +# tmpfiles.d configuration +mkdir -p %{buildroot}%{_tmpfilesdir} +install -m 644 -p %{SOURCE20} %{buildroot}%{_tmpfilesdir}/nginx.conf + %pre filesystem %sysusers_create_compat %{SOURCE19} @@ -606,6 +611,7 @@ fi %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp %attr(711,root,root) %dir %{_localstatedir}/log/nginx +%{_tmpfilesdir}/nginx.conf %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/access.log %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/error.log %dir %{nginx_moduledir} @@ -659,33 +665,35 @@ fi %changelog -## START: Generated by rpmautospec -* Thu May 14 2026 Luboš Uhliarik - 2:1.26.3-8 -- Fix release number +* Thu May 14 2026 Luboš Uhliarik - 2:1.26.3-6.3 +- Resolves: RHEL-176231 - nginx: NGINX: Arbitrary Code Execution + Vulnerability (CVE-2026-42945) -* Thu May 14 2026 Luboš Uhliarik - 2:1.26.3-7 -- Resolves: RHEL-176217 - nginx: NGINX: Arbitrary Code +* Fri Mar 27 2026 Zdenek Dohnal - 2:1.26.3-6.2 +- rebuild for the right candidate tag -* Tue Mar 31 2026 Zdenek Dohnal - 2:1.26.3-6 -- Resolves: RHEL-157874 CVE-2026-32647 nginx: NGINX: Denial of Service or - Code Execution via specially crafted MP4 files +* Thu Mar 26 2026 Zdenek Dohnal - 2:1.26.3-6.1 +- RHEL-159547 CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module +- RHEL-159526 CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file +- RHEL-159434 CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled +- RHEL-157875 CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files -* Tue Mar 31 2026 Zdenek Dohnal - 2:1.26.3-5 -- Resolves: RHEL-159433 CVE-2026-27651 nginx: NGINX: Denial of Service via - undisclosed requests when ngx_mail_auth_http_module is enabled - -* Tue Mar 31 2026 Zdenek Dohnal - 2:1.26.3-4 -- Resolves: RHEL-159525 CVE-2026-27784 nginx: NGINX: Denial of Service due - to memory corruption via crafted MP4 file - -* Tue Mar 31 2026 Zdenek Dohnal - 2:1.26.3-3 -- Resolves: RHEL-159546 CVE-2026-27654 nginx: NGINX: Denial of Service or - file modification via buffer overflow in ngx_http_dav_module - -* Wed Feb 11 2026 Luboš Uhliarik - 2:1.26.3-2 +* Wed Feb 11 2026 Luboš Uhliarik - 2:1.26.3-6 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections +* Thu Jan 29 2026 Luboš Uhliarik - 2:1.26.3-5 +- Clarify binding behavior of -t option. + +* Thu Nov 20 2025 Luboš Uhliarik - 2:1.26.3-4 +- Remove 50x.html from the nginx package + +* Thu Oct 23 2025 Branislav Náter - 2:1.26.3-3 +- Run tests in centos-stream namespace + +* Tue Sep 16 2025 Luboš Uhliarik - 2:1.26.3-2 +- Add tmpfiles.d rules for /var directories (bootc compatibility) + * Thu Feb 06 2025 Luboš Uhliarik - 2:1.26.3-1 - New version 1.26.3 @@ -742,600 +750,3 @@ fi - refresh patches - update default config http2 directive - remove outdated custom error pages, reducing maintenance burden - -* Thu Jan 25 2024 Fedora Release Engineering - 1:1.24.0-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Sun Jan 21 2024 Fedora Release Engineering - 1:1.24.0-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Sat Sep 09 2023 Felix Kaechele - 1:1.24.0-6 -- Use SPDX license identifier in License tag - -* Mon Aug 07 2023 Luboš Uhliarik - 1:1.24.0-5 -- Related: #2224582 - Running nginx with systemctl and entering ssl private - key's pass phrase - -* Fri Jul 21 2023 Luboš Uhliarik - 1:1.24.0-4 -- Resolves: #2224582 - Running nginx with systemctl and entering ssl - private key's pass phrase -- added new ssl_pass_phrase_dialog directive which enables setting external - program for entering password for encrypted private key - -* Thu Jul 20 2023 Fedora Release Engineering - 1:1.24.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Tue Jul 11 2023 Jitka Plesnikova - 1:1.24.0-2 -- Perl 5.38 rebuild - -* Tue Apr 11 2023 Felix Kaechele - 1:1.24.0-1 -- update to 1.24.0 -- update maxim.key (same key, new expiry date) - -* Thu Jan 19 2023 Fedora Release Engineering - 1:1.22.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Wed Oct 19 2022 Felix Kaechele - 1:1.22.1-1 -- update 1.22.1 -- build against OpenSSL 3 on EL8 -- enable kTLS support - -* Fri Jul 22 2022 Fedora Release Engineering - 1:1.22.0-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Mon Jun 27 2022 Luboš Uhliarik - 1:1.22.0-3 -- Fix nginx downgrade issue after introducing core sub-package - -* Mon May 30 2022 Jitka Plesnikova - 1:1.22.0-2 -- Perl 5.36 rebuild - -* Wed May 25 2022 Felix Kaechele - 1:1.22.0-1 -- update to 1.22.0 -- switch to pcre2 -- drop CVE-2021-3618 patch, it's upstreamed -- add signing key of Konstantin Pavlov -- add stream_geoip_module and stream_realip_module - -* Thu Mar 24 2022 Honza Horak - 1:1.20.2-4 -- Introduce core sub-package for having a daemon only with a minimal footprint - -* Thu Jan 20 2022 Fedora Release Engineering - 1:1.20.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Fri Dec 17 2021 Felix Kaechele - 1:1.20.2-1 -- update to 1.20.2 - -* Mon Oct 18 2021 Felix Kaechele - 1:1.20.1-9 -- fix installation of nginxmods.attr for EPEL 7 - -* Mon Oct 18 2021 Felix Kaechele - 1:1.20.1-8 -- Fix "file size changed while zipping" when rotating logs (rhbz#1980948,2015249,2015243) - -* Tue Sep 14 2021 Sahana Prasad - 1:1.20.1-7 -- Rebuilt with OpenSSL 3.0.0 - -* Tue Aug 10 2021 Neal Gompa - 1:1.20.1-6 -- Add -mod-devel subpackage for building external nginx modules (rhbz#1989778) - -* Mon Aug 09 2021 Luboš Uhliarik - 1:1.20.1-5 -- Add symlink used by system-logos-httpd - -* Thu Jul 22 2021 Fedora Release Engineering - 1:1.20.1-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Fri Jun 25 2021 Felix Kaechele - 1:1.20.1-3 -- fix for CVE-2021-3618 (rhbz#1975651) - -* Tue Jun 01 2021 Felix Kaechele - 1:1.20.1-2 -- use different fix for rhbz#1683388 as it introduced permissions issues in 1:1.20.0-2 - -* Tue May 25 2021 Felix Kaechele - 1:1.20.1-1 -- update to 1.20.1 (fixes CVE-2021-23017) - -* Fri May 21 2021 Jitka Plesnikova - 1:1.20.0-4 -- Perl 5.34 rebuild - -* Fri Apr 30 2021 Lubos Uhliarik - 1:1.20.0-3 -- Related: #1636235 - centralizing default index.html on nginx - -* Wed Apr 21 2021 Felix Kaechele - 1:1.20.0-2 -- sync rawhide and EPEL7 spec files again -- systemd service reload now checks config file (rhbz#1565377) -- drop nginx requirement on nginx-all-modules (rhbz#1708799) -- let nginx handle log creation on logrotate (rhbz#1683388) -- have log directory owned by root (rhbz#1390183, CVE-2016-1247) -- remove obsolete --with-ipv6 (src PR#8) -- correction: pcre2 is actually not supported by nginx, reintroduce pcre - -* Wed Apr 21 2021 Felix Kaechele - 1:1.20.0-1 -- update to 1.20.0 -- sync with mainline spec file -- order configure options alphabetically for easier comparinggit -- add --with-compat option (rhbz#1834452) -- add patch to fix PIDFile race condition (rhbz#1869026) -- use pcre2 instead of pcre (rhbz#1938984) -- add Wants=network-online.target to systemd unit (rhbz#1943779) - -* Mon Feb 22 2021 Lubos Uhliarik - 1:1.18.0-5 -- Resolves: #1931402 - drop gperftools module - -* Tue Jan 26 2021 Fedora Release Engineering - 1:1.18.0-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Tue Jul 28 2020 Fedora Release Engineering - 1:1.18.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Mon Jun 22 2020 Jitka Plesnikova - 1:1.18.0-2 -- Perl 5.32 rebuild - -* Fri Apr 24 2020 Felix Kaechele - 1:1.18.0-1 -- Update to 1.18.0 -- Increased types_hash_max_size to 4096 in default config -- Add gpg source verification -- Add Recommends: logrotate -- Drop location / from default config (rhbz#1564768) -- Drop default_sever from default config (rhbz#1373822) - -* Wed Jan 29 2020 Fedora Release Engineering - 1:1.16.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Sun Sep 15 2019 Warren Togami -- add conditionals for EPEL7, see rhbz#1750857 - -* Tue Aug 13 2019 Jamie Nguyen - 1:1.16.1-1 -- Update to upstream release 1.16.1 -- Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 - -* Thu Jul 25 2019 Fedora Release Engineering - 1:1.16.0-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Thu May 30 2019 Jitka Plesnikova - 1:1.16.0-4 -- Perl 5.30 rebuild - -* Tue May 14 2019 Stephen Gallagher - 1.16.0-3 -- Move to common default index.html -- Resolves: rhbz#1636235 - -* Tue May 07 2019 Jamie Nguyen - 1:1.16.0-2 -- Add missing directory for vim plugin - -* Fri Apr 26 2019 Jamie Nguyen - 1:1.16.0-1 -- Update to upstream release 1.16.0 - -* Mon Mar 04 2019 Jamie Nguyen - 1:1.15.9-1 -- Update to upstream release 1.15.9 -- Enable ngx_stream_ssl_preread module -- Remove redundant conditionals - -* Fri Feb 01 2019 Fedora Release Engineering - 1:1.14.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Jan 14 2019 Björn Esser - 1:1.14.1-4 -- Rebuilt for libcrypt.so.2 (#1666033) - -* Tue Dec 11 2018 Joe Orton - 1:1.14.1-3 -- fix unexpanded paths in nginx(8) - -* Tue Nov 20 2018 Luboš Uhliarik - 1:1.14.1-2 -- new version 1.14.1 -- Resolves: #1584426 - Upstream Nginx 1.14.0 is now available -- Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory - disclosure via mp4 module -- Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption - via flaw in HTTP/2 implementation -- Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw - in HTTP/2 implementation - -* Mon Aug 06 2018 Luboš Uhliarik - 1:1.12.1-14 -- add requires on perl(constant) for mod-http-perl - -* Mon Jul 30 2018 Luboš Uhliarik - 1:1.12.1-13 -- don't build with geoip by default - -* Thu Jul 19 2018 Joe Orton - 1:1.12.1-12 -- add build conditional for geoip support - -* Mon Jul 16 2018 Tadej Janež - 1:1.12.1-11 -- Add gcc to BuildRequires to account for - https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot - -* Fri Jul 13 2018 Fedora Release Engineering - 1:1.12.1-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Wed Jun 27 2018 Jitka Plesnikova - 1:1.12.1-9 -- Perl 5.28 rebuild - -* Mon May 14 2018 Luboš Uhliarik - 1:1.12.1-8 -- Related: #1573942 - nginx fails on start - -* Wed May 02 2018 Luboš Uhliarik - 1:1.12.1-7 -- Resolves: #1573942 - nginx fails on start - -* Thu Feb 08 2018 Fedora Release Engineering - 1:1.12.1-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Jan 24 2018 Björn Esser - 1:1.12.1-5 -- Add patch to apply glibc bugfix if really needed only -- Disable strict symbol checks in the link editor - -* Sat Jan 20 2018 Björn Esser - 1:1.12.1-4 -- Rebuilt for switch to libxcrypt - -* Tue Oct 24 2017 Joe Orton - 1:1.12.1-3 -- rebuild - -* Tue Sep 19 2017 Remi Collet - 1:1.12.1-2 -- own system drop-in directories #1493036 - -* Tue Aug 15 2017 Joe Orton - 1:1.12.1-1 -- update to 1.12.1 (#1469924) -- enable http_auth_request_module (Tim Niemueller, #1471106) - -* Thu Aug 03 2017 Fedora Release Engineering - 1:1.12.0-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 1:1.12.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Sun Jun 04 2017 Jitka Plesnikova - 1:1.12.0-2 -- Perl 5.26 rebuild - -* Tue May 30 2017 Luboš Uhliarik - 1:1.12.0-1 -- new version 1.12.0 - -* Wed Feb 8 2017 Joe Orton - 1:1.10.3-1 -- update to upstream release 1.10.3 - -* Mon Oct 31 2016 Jamie Nguyen - 1:1.10.2-1 -- update to upstream release 1.10.2 - -* Tue May 31 2016 Jamie Nguyen - 1:1.10.1-1 -- update to upstream release 1.10.1 - -* Sun May 15 2016 Jitka Plesnikova - 1:1.10.0-4 -- Perl 5.24 rebuild - -* Sun May 8 2016 Peter Robinson 1:1.10.0-3 -- Enable AIO on aarch64 (rhbz 1258414) - -* Wed Apr 27 2016 Jamie Nguyen - 1:1.10.0-2 -- only Require nginx-all-modules for EPEL and current Fedora releases - -* Wed Apr 27 2016 Jamie Nguyen - 1:1.10.0-1 -- update to upstream release 1.10.0 -- split dynamic modules into subpackages -- spec file cleanup - -* Thu Feb 04 2016 Fedora Release Engineering - 1:1.8.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Tue Jan 26 2016 Jamie Nguyen - 1:1.8.1-1 -- update to upstream release 1.8.1 -- CVE-2016-0747: Insufficient limits of CNAME resolution in resolver -- CVE-2016-0746: Use-after-free during CNAME response processing in resolver -- CVE-2016-0742: Invalid pointer dereference in resolver - -* Sun Oct 04 2015 Jamie Nguyen - 1:1.8.0-14 -- consistently use '%%global with_foo' style of logic -- remove PID file before starting nginx (#1268621) - -* Fri Sep 25 2015 Ville Skyttä - 1:1.8.0-13 -- Use nginx-mimetypes from mailcap (#1248736) -- Mark LICENSE as %%license - -* Thu Sep 10 2015 Jamie Nguyen - 1:1.8.0-12 -- also build with gperftools on aarch64 (#1258412) - -* Wed Aug 12 2015 Nikos Mavrogiannopoulos - 1:1.8.0-11 -- nginx.conf: added commented-out SSL configuration directives (#1179232) - -* Fri Jul 03 2015 Jamie Nguyen - 1:1.8.0-10 -- switch back to /bin/kill in logrotate script due to SELinux denials - -* Tue Jun 16 2015 Jamie Nguyen - 1:1.8.0-9 -- fix path to png in error pages (#1232277) -- optimize png images with optipng - -* Sun Jun 14 2015 Jamie Nguyen - 1:1.8.0-8 -- replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543) -- remove After=syslog.target in nginx.service (#1231543) -- replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543) - -* Wed Jun 03 2015 Jitka Plesnikova - 1:1.8.0-7 -- Perl 5.22 rebuild - -* Sun May 10 2015 Jamie Nguyen - 1:1.8.0-6 -- revert previous change - -* Sun May 10 2015 Jamie Nguyen - 1:1.8.0-5 -- move default server to default.conf (#1220094) - -* Sun May 10 2015 Jamie Nguyen - 1:1.8.0-4 -- add TimeoutStopSec=5 and KillMode=mixed to nginx.service -- set worker_processes to auto -- add some common options to the http block in nginx.conf -- run nginx-upgrade on package update -- remove some redundant scriptlet commands -- listen on ipv6 for default server (#1217081) - -* Wed Apr 22 2015 Jamie Nguyen - 1:1.8.0-3 -- improve nginx-upgrade script - -* Wed Apr 22 2015 Jamie Nguyen - 1:1.8.0-2 -- add --with-pcre-jit - -* Wed Apr 22 2015 Jamie Nguyen - 1:1.8.0-1 -- update to upstream release 1.8.0 - -* Thu Apr 09 2015 Jamie Nguyen - 1:1.7.12-1 -- update to upstream release 1.7.12 - -* Sun Feb 15 2015 Jamie Nguyen - 1:1.7.10-1 -- update to upstream release 1.7.10 -- remove systemd conditionals - -* Wed Oct 22 2014 Jamie Nguyen - 1:1.6.2-4 -- fix package ownership of directories - -* Wed Oct 22 2014 Jamie Nguyen - 1:1.6.2-3 -- add vim files (#1142849) - -* Mon Sep 22 2014 Jamie Nguyen - 1:1.6.2-2 -- create nginx-filesystem subpackage (patch from Remi Collet) -- create /etc/nginx/default.d as a drop-in directory for configuration files - for the default server block -- clean up nginx.conf - -* Wed Sep 17 2014 Jamie Nguyen - 1:1.6.2-1 -- update to upstream release 1.6.2 -- CVE-2014-3616 nginx: virtual host confusion (#1142573) - -* Wed Aug 27 2014 Jitka Plesnikova - 1:1.6.1-4 -- Perl 5.20 rebuild - -* Sun Aug 17 2014 Fedora Release Engineering - 1:1.6.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Tue Aug 05 2014 Jamie Nguyen - 1:1.6.1-2 -- add logic for EPEL 7 - -* Tue Aug 05 2014 Jamie Nguyen - 1:1.6.1-1 -- update to upstream release 1.6.1 -- (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw - -* Wed Jul 02 2014 Yaakov Selkowitz - 1:1.6.0-3 -- Fix FTBFS on aarch64 (#1115559) - -* Sat Jun 07 2014 Fedora Release Engineering - 1:1.6.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Sat Apr 26 2014 Jamie Nguyen - 1:1.6.0-1 -- update to upstream release 1.6.0 - -* Tue Mar 18 2014 Jamie Nguyen - 1:1.4.7-1 -- update to upstream release 1.4.7 - -* Wed Mar 05 2014 Jamie Nguyen - 1:1.4.6-1 -- update to upstream release 1.4.6 - -* Sun Feb 16 2014 Jamie Nguyen - 1:1.4.5-2 -- avoid multiple index directives (#1065488) - -* Sun Feb 16 2014 Jamie Nguyen - 1:1.4.5-1 -- update to upstream release 1.4.5 - -* Wed Nov 20 2013 Peter Borsa - 1:1.4.4-1 -- Update to upstream release 1.4.4 -- Security fix BZ 1032267 - -* Sun Nov 03 2013 Jamie Nguyen - 1:1.4.3-1 -- update to upstream release 1.4.3 - -* Fri Aug 09 2013 Jonathan Steffan - 1:1.4.2-3 -- Add in conditionals to build for non-systemd targets - -* Sat Aug 03 2013 Petr Pisar - 1:1.4.2-2 -- Perl 5.18 rebuild - -* Fri Jul 19 2013 Jamie Nguyen - 1:1.4.2-1 -- update to upstream release 1.4.2 - -* Wed Jul 17 2013 Petr Pisar - 1:1.4.1-3 -- Perl 5.18 rebuild - -* Tue Jun 11 2013 Remi Collet - 1:1.4.1-2 -- rebuild for new GD 2.1.0 - -* Tue May 07 2013 Jamie Nguyen - 1:1.4.1-1 -- update to upstream release 1.4.1 (#960605, #960606): - CVE-2013-2028 stack-based buffer overflow when handling certain chunked - transfer encoding requests - -* Sun Apr 28 2013 Dan Horák - 1:1.4.0-2 -- gperftools exist only on selected arches - -* Fri Apr 26 2013 Jamie Nguyen - 1:1.4.0-1 -- update to upstream release 1.4.0 -- enable SPDY module (new in this version) -- enable http gunzip module (new in this version) -- enable google perftools module and add gperftools-devel to BR -- enable debugging (#956845) -- trim changelog - -* Tue Apr 02 2013 Jamie Nguyen - 1:1.2.8-1 -- update to upstream release 1.2.8 - -* Fri Feb 22 2013 Jamie Nguyen - 1:1.2.7-2 -- make sure nginx directories are not world readable (#913724, #913735) - -* Sat Feb 16 2013 Jamie Nguyen - 1:1.2.7-1 -- update to upstream release 1.2.7 -- add .asc file - -* Tue Feb 05 2013 Jamie Nguyen - 1:1.2.6-6 -- use 'kill' instead of 'systemctl' when rotating log files to workaround - SELinux issue (#889151) - -* Wed Jan 23 2013 Jamie Nguyen - 1:1.2.6-5 -- uncomment "include /etc/nginx/conf.d/*.conf by default but leave the - conf.d directory empty (#903065) - -* Wed Jan 23 2013 Jamie Nguyen - 1:1.2.6-4 -- add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf" - (#903065) - -* Wed Dec 19 2012 Jamie Nguyen - 1:1.2.6-3 -- use correct file ownership when rotating log files - -* Tue Dec 18 2012 Jamie Nguyen - 1:1.2.6-2 -- send correct kill signal and use correct file permissions when rotating - log files (#888225) -- send correct kill signal in nginx-upgrade - -* Tue Dec 11 2012 Jamie Nguyen - 1:1.2.6-1 -- update to upstream release 1.2.6 - -* Sat Nov 17 2012 Jamie Nguyen - 1:1.2.5-1 -- update to upstream release 1.2.5 - -* Sun Oct 28 2012 Jamie Nguyen - 1:1.2.4-1 -- update to upstream release 1.2.4 -- introduce new systemd-rpm macros (#850228) -- link to official documentation not the community wiki (#870733) -- do not run systemctl try-restart after package upgrade to allow the - administrator to run nginx-upgrade and avoid downtime -- add nginx man page (#870738) -- add nginx-upgrade man page and remove README.fedora -- remove chkconfig from Requires(post/preun) -- remove initscripts from Requires(preun/postun) -- remove separate configuration files in "/etc/nginx/conf.d" directory - and revert to upstream default of a centralized nginx.conf file - (#803635) (#842738) - -* Fri Sep 21 2012 Jamie Nguyen - 1:1.2.3-1 -- update to upstream release 1.2.3 - -* Fri Jul 20 2012 Fedora Release Engineering - 1:1.2.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu Jun 28 2012 Petr Pisar - 1:1.2.1-2 -- Perl 5.16 rebuild - -* Sun Jun 10 2012 Jamie Nguyen - 1:1.2.1-1 -- update to upstream release 1.2.1 - -* Fri Jun 08 2012 Petr Pisar - 1:1.2.0-2 -- Perl 5.16 rebuild - -* Wed May 16 2012 Jamie Nguyen - 1:1.2.0-1 -- update to upstream release 1.2.0 - -* Wed May 16 2012 Jamie Nguyen - 1:1.0.15-4 -- add nginx-upgrade to replace functionality from the nginx initscript - that was lost after migration to systemd -- add README.fedora to describe usage of nginx-upgrade -- nginx.logrotate: use built-in systemd kill command in postrotate script -- nginx.service: start after syslog.target and network.target -- nginx.service: remove unnecessary references to config file location -- nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following - advice from nginx-devel -- nginx.service: use private /tmp - -* Mon May 14 2012 Jamie Nguyen - 1:1.0.15-3 -- fix incorrect postrotate script in nginx.logrotate - -* Thu Apr 19 2012 Jamie Nguyen - 1:1.0.15-2 -- renable auto-cc-gcc patch due to warnings on rawhide - -* Sat Apr 14 2012 Jamie Nguyen - 1:1.0.15-1 -- update to upstream release 1.0.15 -- no need to apply auto-cc-gcc patch -- add %%global _hardened_build 1 - -* Thu Mar 15 2012 Jamie Nguyen - 1:1.0.14-1 -- update to upstream release 1.0.14 -- amend some %%changelog formatting - -* Tue Mar 06 2012 Jamie Nguyen - 1:1.0.13-1 -- update to upstream release 1.0.13 -- amend --pid-path and --log-path - -* Sun Mar 04 2012 Jamie Nguyen - 1:1.0.12-5 -- change pid path in nginx.conf to match systemd service file - -* Sun Mar 04 2012 Jamie Nguyen - 1:1.0.12-3 -- fix %%pre scriptlet - -* Mon Feb 20 2012 Jamie Nguyen - 1:1.0.12-2 -- update upstream URL -- replace %%define with %%global -- remove obsolete BuildRoot tag, %%clean section and %%defattr -- remove various unnecessary commands -- add systemd service file and update scriptlets -- add Epoch to accommodate %%triggerun as part of systemd migration - -* Sun Feb 19 2012 Jeremy Hinegardner - 1.0.12-1 -- Update to 1.0.12 - -* Thu Nov 17 2011 Keiran "Affix" Smith - 1.0.10-1 -- Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes. -- Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4. -- Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora. - -* Thu Oct 27 2011 Keiran "Affix" Smith - 1.0.8-1 -- Update to new 1.0.8 stable release - -* Fri Aug 26 2011 Keiran "Affix" Smith - 1.0.5-1 -- Update nginx to Latest Stable Release - -* Fri Jun 17 2011 Marcela Mašláňová - 1.0.0-3 -- Perl mass rebuild - -* Thu Jun 09 2011 Marcela Mašláňová - 1.0.0-2 -- Perl 5.14 mass rebuild - -* Wed Apr 27 2011 Jeremy Hinegardner - 1.0.0-1 -- Update to 1.0.0 - -* Tue Feb 08 2011 Fedora Release Engineering - 0.8.53-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53.5 -- Extract out default config into its own file (bug #635776) - -* Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53-4 -- Revert ownership of log dir - -* Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53-3 -- Change ownership of /var/log/nginx to be 0700 nginx:nginx -- update init script to use killproc -p -- add reopen_logs command to init script -- update init script to use nginx -q option - -* Sun Oct 31 2010 Jeremy Hinegardner - 0.8.53-2 -- Fix linking of perl module - -* Sun Oct 31 2010 Jeremy Hinegardner - 0.8.53-1 -- Update to new stable 0.8.53 - -* Sat Jul 31 2010 Jeremy Hinegardner - 0.7.67-2 -- add Provides: webserver (bug #619693) - -* Sun Jun 20 2010 Jeremy Hinegardner - 0.7.67-1 -- Update to new stable 0.7.67 -- fix bugzilla #591543 - -* Tue Jun 01 2010 Marcela Maslanova - 0.7.65-2 -- Mass rebuild with perl-5.12.0 - -* Mon Feb 15 2010 Jeremy Hinegardner - 0.7.65-1 -- Update to new stable 0.7.65 -- change ownership of logdir to root:root -- add support for ipv6 (bug #561248) -- add random_index_module -- add secure_link_module - -* Fri Dec 04 2009 Jeremy Hinegardner - 0.7.64-1 -- Update to new stable 0.7.64 - -## END: Generated by rpmautospec diff --git a/nginx.tmpfiles b/nginx.tmpfiles new file mode 100644 index 0000000..1f84d81 --- /dev/null +++ b/nginx.tmpfiles @@ -0,0 +1,3 @@ +d /var/lib/nginx 770 nginx root - +d /var/lib/nginx/tmp 770 nginx root - +d /var/log/nginx 711 root root -