rpms/nginx
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Import from UBI

Browse Source
This commit is contained in:
eabdullin 2024-07-24 18:35:27 +03:00
parent 18269f976e
commit 5ba31e102f
9 changed files with 123 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/nginx-1.22.1.tar.gz
SOURCES/nginx-1.24.0.tar.gz
SOURCES/nginx-logo.png

2
.nginx.metadata
View File

@ -1,2 +1,2 @@
45a89797f7c789287c7f663811efbbd19e84f154 SOURCES/nginx-1.22.1.tar.gz
fec561c95c0320f1860c0d55a8724cd45e5cc238 SOURCES/nginx-1.24.0.tar.gz
e28dd656984cc2894d8124c5278789c656f6a9cb SOURCES/nginx-logo.png

80
SOURCES/0007-Enable-TLSv1.3-by-default.patch
View File

@ -1,21 +1,8 @@
From cc7b92c61a2833ff9dc2b4dfba4591966769da78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Tue, 21 Jun 2022 13:55:04 +0200
Subject: [PATCH] Enable TLSv1.3 by default in nginx
---
src/event/ngx_event_openssl.c | 77 ++++++++++++++------------
src/event/ngx_event_openssl.h | 1 +
src/http/modules/ngx_http_ssl_module.c | 3 +-
src/mail/ngx_mail_ssl_module.c | 3 +-
src/stream/ngx_stream_ssl_module.c | 3 +-
5 files changed, 46 insertions(+), 41 deletions(-)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index f813458..2e6a6c0 100644
index 948497c..c6dda52 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -258,6 +258,8 @@ ngx_ssl_init(ngx_log_t *log)
@@ -266,6 +266,8 @@ ngx_ssl_init(ngx_log_t *log)
ngx_int_t
ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
{
@ -24,7 +11,7 @@ index f813458..2e6a6c0 100644
ssl->ctx = SSL_CTX_new(SSLv23_method());
if (ssl->ctx == NULL) {
@@ -322,49 +324,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
@@ -325,49 +327,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
@ -76,16 +63,16 @@ index f813458..2e6a6c0 100644
+ if (protocols & NGX_SSL_TLSv1) {
+ prot = TLS1_VERSION;
+ }
+
-#ifdef SSL_CTX_set_min_proto_version
- SSL_CTX_set_min_proto_version(ssl->ctx, 0);
- SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION);
+ if (prot == NGX_SSL_NO_PROT) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "No SSL protocols available [hint: ssl_protocols]");
+ return NGX_ERROR;
+ }
-#ifdef SSL_CTX_set_min_proto_version
- SSL_CTX_set_min_proto_version(ssl->ctx, 0);
- SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION);
+
+ SSL_CTX_set_max_proto_version(ssl->ctx, prot);
+
+ /* Now, we have to scan for minimal protocol version,
@ -115,11 +102,11 @@ index f813458..2e6a6c0 100644
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 329760d..5cee113 100644
index 41f4501..a346792 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -152,6 +152,7 @@ typedef struct {
#endif
@@ -175,6 +175,7 @@ typedef struct {
} ngx_ssl_session_cache_t;
+#define NGX_SSL_NO_PROT 0x0000
@ -127,47 +114,50 @@ index 329760d..5cee113 100644
#define NGX_SSL_SSLv3 0x0004
#define NGX_SSL_TLSv1 0x0008
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index a47d696..94f30db 100644
index a147054..ad7e3fe 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -671,8 +671,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -646,10 +646,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
ngx_conf_merge_value(conf->reject_handshake, prev->reject_handshake, 0);
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
- |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
+ 0)
- ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
- (NGX_CONF_BITMASK_SET
- |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
- |NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
+ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 0);
ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
NGX_SSL_BUFSIZE);
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 7eae83e..8328560 100644
index 728181d..066aef8 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -306,8 +306,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -371,10 +371,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_value(conf->prefer_server_ciphers,
prev->prefer_server_ciphers, 0);
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
- |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
+ 0);
- ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
- (NGX_CONF_BITMASK_SET
- |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
- |NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
+ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 0);
ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index d8c0471..cef590d 100644
index ba70547..a4c14ec 100644
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -641,8 +641,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -715,10 +715,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_value(conf->prefer_server_ciphers,
prev->prefer_server_ciphers, 0);
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
- |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
+ 0);
- ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
- (NGX_CONF_BITMASK_SET
- |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
- |NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
+ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 0);
ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
--
2.31.1

76
SOURCES/0008-add-ssl-pass-phrase-dialog.patch
View File

@ -1,6 +1,6 @@
From c0f75dac24544bdae1ccfccf3d6a05c1b9243d8a Mon Sep 17 00:00:00 2001
From a8cae4e95ba8b5f38c68f23502f1603af8a76c58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Thu, 23 May 2024 14:09:05 +0200
Date: Thu, 23 May 2024 16:18:35 +0200
Subject: [PATCH] Add ssl-pass-phrase-dialog
---
@ -20,10 +20,10 @@ Subject: [PATCH] Add ssl-pass-phrase-dialog
13 files changed, 344 insertions(+), 25 deletions(-)
diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim
index 6828cd3..9df0a53 100644
index 7d587fc..15b21e2 100644
--- a/contrib/vim/syntax/nginx.vim
+++ b/contrib/vim/syntax/nginx.vim
@@ -624,6 +624,7 @@ syn keyword ngxDirective contained ssl_ocsp
@@ -617,6 +617,7 @@ syn keyword ngxDirective contained ssl_ocsp
syn keyword ngxDirective contained ssl_ocsp_cache
syn keyword ngxDirective contained ssl_ocsp_responder
syn keyword ngxDirective contained ssl_password_file
@ -32,7 +32,7 @@ index 6828cd3..9df0a53 100644
syn keyword ngxDirective contained ssl_preread
syn keyword ngxDirective contained ssl_protocols
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index d6fe5bc..fb05ab9 100644
index 7b69f3f..3519831 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -9,9 +9,8 @@
@ -57,7 +57,7 @@ index d6fe5bc..fb05ab9 100644
static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
void *userdata);
static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
@@ -87,6 +86,12 @@ static time_t ngx_ssl_parse_time(
@@ -88,6 +87,12 @@ static time_t ngx_ssl_parse_time(
#endif
ASN1_TIME *asn1time, ngx_log_t *log);
@ -70,7 +70,7 @@ index d6fe5bc..fb05ab9 100644
static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
static void ngx_openssl_exit(ngx_cycle_t *cycle);
@@ -404,7 +409,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
@@ -405,7 +410,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
ngx_int_t
ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
@ -79,7 +79,7 @@ index d6fe5bc..fb05ab9 100644
{
ngx_str_t *cert, *key;
ngx_uint_t i;
@@ -414,7 +419,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
@@ -415,7 +420,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
for (i = 0; i < certs->nelts; i++) {
@ -88,7 +88,7 @@ index d6fe5bc..fb05ab9 100644
!= NGX_OK)
{
return NGX_ERROR;
@@ -427,12 +432,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
@@ -428,12 +433,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
ngx_int_t
ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
@ -103,7 +103,7 @@ index d6fe5bc..fb05ab9 100644
x509 = ngx_ssl_load_certificate(cf->pool, &err, cert, &chain);
if (x509 == NULL) {
@@ -522,8 +528,23 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
@@ -523,8 +529,23 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
}
#endif
@ -129,7 +129,7 @@ index d6fe5bc..fb05ab9 100644
if (err != NULL) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"cannot load certificate key \"%s\": %s",
@@ -593,7 +614,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
@@ -594,7 +615,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
#endif
@ -138,7 +138,7 @@ index d6fe5bc..fb05ab9 100644
if (pkey == NULL) {
if (err != NULL) {
ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
@@ -771,10 +792,81 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
@@ -772,10 +793,81 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
return x509;
}
@ -222,7 +222,7 @@ index d6fe5bc..fb05ab9 100644
{
BIO *bio;
EVP_PKEY *pkey;
@@ -870,11 +962,26 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
@@ -871,11 +963,26 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
tries = 1;
pwd = NULL;
cb = NULL;
@ -251,7 +251,7 @@ index d6fe5bc..fb05ab9 100644
break;
}
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index eb3288b..b275a38 100644
index 7759e1a..a346792 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -74,9 +74,19 @@
@ -282,7 +282,7 @@ index eb3288b..b275a38 100644
struct ngx_ssl_connection_s {
ngx_ssl_conn_t *connection;
SSL_CTX *session_ctx;
@@ -184,9 +193,9 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log);
@@ -185,9 +194,9 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log);
ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl,
@ -295,10 +295,10 @@ index eb3288b..b275a38 100644
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
index 864fc4f..c1b5fb4 100644
index dfe49c5..904263d 100644
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4925,7 +4925,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
@@ -4983,7 +4983,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
if (ngx_ssl_certificate(cf, glcf->upstream.ssl,
&glcf->upstream.ssl_certificate->value,
&glcf->upstream.ssl_certificate_key->value,
@ -308,10 +308,10 @@ index 864fc4f..c1b5fb4 100644
{
return NGX_ERROR;
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index 7c4061c..e971396 100644
index 9cc202c..2c938d7 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -4974,7 +4974,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
@@ -5032,7 +5032,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
if (ngx_ssl_certificate(cf, plcf->upstream.ssl,
&plcf->upstream.ssl_certificate->value,
&plcf->upstream.ssl_certificate_key->value,
@ -321,7 +321,7 @@ index 7c4061c..e971396 100644
{
return NGX_ERROR;
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index e765a50..6af69d1 100644
index f1fae50..ad7e3fe 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -17,8 +17,9 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
@ -386,7 +386,7 @@ index e765a50..6af69d1 100644
ngx_pool_cleanup_t *cln;
@@ -672,6 +687,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -671,6 +686,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->stapling_responder,
prev->stapling_responder, "");
@ -396,7 +396,7 @@ index e765a50..6af69d1 100644
conf->ssl.log = cf->log;
if (conf->enable) {
@@ -734,6 +752,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -733,6 +751,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
cln->handler = ngx_ssl_cleanup_ctx;
cln->data = &conf->ssl;
@ -427,7 +427,7 @@ index e765a50..6af69d1 100644
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
@@ -784,7 +826,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -783,7 +825,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
/* configure certificates */
if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
@ -436,7 +436,7 @@ index e765a50..6af69d1 100644
!= NGX_OK)
{
return NGX_CONF_ERROR;
@@ -1333,3 +1375,31 @@ ngx_http_ssl_init(ngx_conf_t *cf)
@@ -1332,3 +1374,31 @@ ngx_http_ssl_init(ngx_conf_t *cf)
return NGX_OK;
}
@ -482,10 +482,10 @@ index 7ab0f7e..2f83d75 100644
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
index d46741a..d728874 100644
index e4f721b..61efa99 100644
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2461,7 +2461,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
@@ -2564,7 +2564,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
if (ngx_ssl_certificate(cf, uwcf->upstream.ssl,
&uwcf->upstream.ssl_certificate->value,
&uwcf->upstream.ssl_certificate_key->value,
@ -495,7 +495,7 @@ index d46741a..d728874 100644
{
return NGX_ERROR;
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 63af775..b3cd38e 100644
index 01a04c8..066aef8 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -13,6 +13,7 @@
@ -538,7 +538,7 @@ index 63af775..b3cd38e 100644
char *mode;
ngx_pool_cleanup_t *cln;
@@ -386,6 +398,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -385,6 +397,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
@ -547,7 +547,7 @@ index 63af775..b3cd38e 100644
conf->ssl.log = cf->log;
@@ -447,6 +461,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -446,6 +460,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
cln->handler = ngx_ssl_cleanup_ctx;
cln->data = &conf->ssl;
@ -577,7 +577,7 @@ index 63af775..b3cd38e 100644
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_mail_ssl_alpn_select, NULL);
#endif
@@ -459,7 +496,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -458,7 +495,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
}
if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
@ -586,7 +586,7 @@ index 63af775..b3cd38e 100644
!= NGX_OK)
{
return NGX_CONF_ERROR;
@@ -743,3 +780,32 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
@@ -742,3 +779,32 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
return NGX_CONF_OK;
#endif
}
@ -633,10 +633,10 @@ index a0a6113..3d87d50 100644
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index 934e7d8..34d0195 100644
index ed275c0..1747aed 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -2248,7 +2248,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
@@ -2305,7 +2305,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
if (ngx_ssl_certificate(cf, pscf->ssl,
&pscf->ssl_certificate->value,
&pscf->ssl_certificate_key->value,
@ -646,7 +646,7 @@ index 934e7d8..34d0195 100644
{
return NGX_ERROR;
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index f922ac4..66b4b67 100644
index c692884..a4c14ec 100644
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -17,6 +17,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
@ -690,7 +690,7 @@ index f922ac4..66b4b67 100644
ngx_pool_cleanup_t *cln;
@@ -730,6 +743,8 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -729,6 +742,8 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
@ -699,7 +699,7 @@ index f922ac4..66b4b67 100644
conf->ssl.log = cf->log;
@@ -777,6 +792,23 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -776,6 +791,23 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
cln->handler = ngx_ssl_cleanup_ctx;
cln->data = &conf->ssl;
@ -723,7 +723,7 @@ index f922ac4..66b4b67 100644
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
ngx_stream_ssl_servername);
@@ -821,7 +853,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
@@ -820,7 +852,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
/* configure certificates */
if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
@ -732,7 +732,7 @@ index f922ac4..66b4b67 100644
!= NGX_OK)
{
return NGX_CONF_ERROR;
@@ -1207,3 +1239,31 @@ ngx_stream_ssl_init(ngx_conf_t *cf)
@@ -1206,3 +1238,31 @@ ngx_stream_ssl_init(ngx_conf_t *cf)
return NGX_OK;
}

28
SOURCES/404.html
View File

@ -7,7 +7,7 @@
<style type="text/css">
/*<![CDATA[*/
body {
background-color: #FAF5F5;
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
@ -15,19 +15,19 @@
padding: 0;
}
:link {
color: #0B2335;
color: #c00;
}
:visited {
color: #0B2335;
color: #c00;
}
a:hover {
color: #0069DA;
color: #f50;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #0B2335;
background-color: #900;
color: #fff;
font-weight: normal;
font-size: 1.75em;
@ -39,7 +39,7 @@
}
h2 {
text-align: center;
background-color: #0B2335;
background-color: #900;
font-size: 1.1em;
font-weight: bold;
color: #fff;
@ -64,7 +64,7 @@
}
img {
border: 2px solid #FAF5F5;
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
@ -92,7 +92,7 @@
<p>Something has triggered missing webpage on your
website. This is the default 404 error page for
<strong>nginx</strong> that is distributed with
AlmaLinux. It is located
Red Hat Enterprise Linux. It is located
<tt>/usr/share/nginx/html/404.html</tt></p>
<p>You should customize this error page for your own
@ -100,20 +100,20 @@
the <strong>nginx</strong> configuration file
<tt>/etc/nginx/nginx.conf</tt>.</p>
<p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p>
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
</div>
</div>
<div class="logos">
<a href="http://nginx.net/"><img
src="nginx-logo.png"
src="nginx-logo.png"
alt="[ Powered by nginx ]"
width="121" height="32" /></a>
<a href="http://www.almalinux.org/"><img
src="/icons/poweredby.png"
alt="[ Powered by AlmaLinux ]"
width="124" height="32" /></a>
<a href="http://www.redhat.com/"><img
src="poweredby.png"
alt="[ Powered by Red Hat Enterprise Linux ]"
width="88" height="31" /></a>
</div>
</div>
</body>

28
SOURCES/50x.html
View File

@ -7,7 +7,7 @@
<style type="text/css">
/*<![CDATA[*/
body {
background-color: #FAF5F5;
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
@ -15,19 +15,19 @@
padding: 0;
}
:link {
color: #0B2335;
color: #c00;
}
:visited {
color: #0B2335;
color: #c00;
}
a:hover {
color: #0069DA;
color: #f50;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #0B2335;
background-color: #900;
color: #fff;
font-weight: normal;
font-size: 1.75em;
@ -39,7 +39,7 @@
}
h2 {
text-align: center;
background-color: #0B2335;
background-color: #900;
font-size: 1.1em;
font-weight: bold;
color: #fff;
@ -64,7 +64,7 @@
}
img {
border: 2px solid #FAF5F5;
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
@ -92,7 +92,7 @@
<p>Something has triggered missing webpage on your
website. This is the default error page for
<strong>nginx</strong> that is distributed with
AlmaLinux. It is located
Red Hat Enterprise Linux. It is located
<tt>/usr/share/nginx/html/50x.html</tt></p>
<p>You should customize this error page for your own
@ -100,20 +100,20 @@
the <strong>nginx</strong> configuration file
<tt>/etc/nginx/nginx.conf</tt>.</p>
<p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p>
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
</div>
</div>
<div class="logos">
<a href="http://nginx.net/"><img
src="nginx-logo.png"
src="nginx-logo.png"
alt="[ Powered by nginx ]"
width="121" height="32" /></a>
<a href="http://www.almalinux.org/"><img
src="/icons/poweredby.png"
alt="[ Powered by AlmaLinux ]"
width="124" height="32" /></a>
<a href="http://www.redhat.com/"><img
src="poweredby.png"
alt="[ Powered by Red Hat Enterprise Linux ]"
width="88" height="31" /></a>
</div>
</div>
</body>

14
SOURCES/nginx-1.22.1.tar.gz.asc
View File

@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQHEBAABCAAuFiEEE8gqY7YDV2FW4wpOoOqYG2aw2WcFAmNPwgkQHGsucGF2bG92
QGY1LmNvbQAKCRCg6pgbZrDZZ521C/9stdPkXnyO46ZOHEBK0UhPXPLcLaeUPOj3
LZz0mS1pLeQrWVJcSzjn4x1VA1Mo24wJ2PDHVLDlz+wrGDWj+YQh0Pzt81AV/VWl
gDfbJ9ROfaXNUBMPWwKH5fxlocYYyYM3SlN/nwx5EDR8uB0mnSUPS+TV8SxW+252
IfGv8xtX4diEowVCCpkvqDkbEwWy4GQia1KHd0krfvi6Aha3NNNRkjyPUNrf42A5
lmqxp1PwKnb6IYEkoYYtehKARuFjY9d5rsaQSXzNXYnRqQYOzSB42wcxJCu/Lw2S
MfzY0b5j6PdVziBXQr/Bk8ge7sVT30oKD+LnKKL/CWHnFveykOAuvuihsD4VS1iB
1Ns2Pjdofzw7+OzlVWJ4SBlm6HPCXBSfg15jkXinDdU/lKT6Gv0n4Y4i3GWkdFKe
JuuDcvhM2dAl8PV9YrlaVK/1InHNb7jsksKLZ0MxOEj05QSOWT5kOAbQCRfKAc8/
S8kd48v9BSgC+PZjS6AG3+sM2YjwQvo=
=Ww/y
-----END PGP SIGNATURE-----

14
SOURCES/nginx-1.24.0.tar.gz.asc Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN PGP SIGNATURE-----
iQHEBAABCAAuFiEEE8gqY7YDV2FW4wpOoOqYG2aw2WcFAmQ1hQ8QHGsucGF2bG92
QGY1LmNvbQAKCRCg6pgbZrDZZ100C/9v9Gomc7MYxu+i8gQP0DxEp9oj2y6zNboa
jpR0TgfThqhxc2KNtziYuuQn81LohQ26C0mDoYbBTgRw5ZZDyzBPczC2gphvipIG
oaDE9jbEpscH22gEf7FBSva8M3zvg/jrUsLT53KR2wJt2bjl6oTUMRjaftulr3Ow
4mfYDZvU4lzaAbjQAI7WZnMAxCStJrIr8m0NiuSgcQoDVqbEYDXPhoSsE6+uR1iz
LSJIVepK4PhyHgLiWkejndnX7nNAwUv0rZMijlf1FsGZX25wXYXF4bUIHwLtH0F0
e5Yd4DvNWoMrKqtgTF4mgBoIVfsF99jyjWW13A5V9+plye1xgVD0xRt06KpX9b9v
YTuZxrYHWKQYCIhDYhMeksVWNzVFy5O+cTZKFpMDUkYhB7+fvRRfo6TU9tymSUgS
sPFM4tD2HXXzclvLPzhpDlOBLlTQMVf9UFxjIeeZ8ZtVDvVB5f61qRJG/x4vMK4j
Fc0mDIIm+9mXqqMOA+7v6IB9UaJsStI=
=/CwQ
-----END PGP SIGNATURE-----

12
SPECS/nginx.spec
View File

@ -55,8 +55,8 @@
Name: nginx
Epoch: 1
Version: 1.22.1
Release: 5%{?dist}.1.alma.1
Version: 1.24.0
Release: 1%{?dist}.1
Summary: A high performance web server and reverse proxy server
# BSD License (two clause)
@ -626,11 +626,11 @@ fi
%changelog
* Wed Jul 24 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:1.22.1-5.1.alma.1
- Debrand for AlmaLinux
* Wed May 29 2024 Luboš Uhliarik <luhliari@redhat.com> - 1:1.24.0-1.1
- Resolves: RHEL-39333 - Nginx seg faults when proxy_ssl_certificate is set
* Wed May 29 2024 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.1-5.1
- Resolves: RHEL-39334 - Nginx seg faults when proxy_ssl_certificate is set
* Thu Jan 18 2024 Luboš Uhliarik <luhliari@redhat.com> - 1:1.24.0-1
- new version 1.24.0
* Mon Oct 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.1-5
- Resolves: RHEL-12737 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web