diff --git a/nginx.spec b/nginx.spec index da55c93..92b81c8 100644 --- a/nginx.spec +++ b/nginx.spec @@ -7,12 +7,12 @@ %bcond_with geoip -# nginx gperftools support should be dissabled for RHEL >= 8 +# nginx gperftools support should be disabled for RHEL >= 8 # see: https://bugzilla.redhat.com/show_bug.cgi?id=1931402 %if 0%{?rhel} >= 8 %global with_gperftools 0 %else -# gperftools exist only on selected arches +# gperftools exists only on selected arches # gperftools *detection* is failing on ppc64*, possibly only configure # bug, but disable anyway. %ifnarch s390 s390x ppc64 ppc64le @@ -26,6 +26,21 @@ %global with_mailcap_mimetypes 1 %endif +# kTLS requires OpenSSL 3.0 (default in F36+ and EL9+, available in EPEL8) +%if 0%{?fedora} >= 36 || 0%{?rhel} >= 8 +%global with_ktls 1 +%endif + +# Build against OpenSSL 1.1 on EL7 +%if 0%{?rhel} == 7 +%global openssl_pkgversion 11 +%endif + +# Build against OpenSSL 3 on EL8 +%if 0%{?rhel} == 8 +%global openssl_pkgversion 3 +%endif + # Cf. https://www.nginx.com/blog/creating-installable-packages-dynamic-modules/ %global nginx_abiversion %{version} @@ -40,8 +55,8 @@ Name: nginx Epoch: 1 -Version: 1.22.0 -Release: 4%{?dist} +Version: 1.22.1 +Release: 1%{?dist} Summary: A high performance web server and reverse proxy server # BSD License (two clause) @@ -83,11 +98,7 @@ BuildRequires: gnupg2 %if 0%{?with_gperftools} BuildRequires: gperftools-devel %endif -%if 0%{?fedora} || 0%{?rhel} >= 8 -BuildRequires: openssl-devel -%else -BuildRequires: openssl11-devel -%endif +BuildRequires: openssl%{?openssl_pkgversion}-devel BuildRequires: pcre2-devel BuildRequires: zlib-devel @@ -126,7 +137,7 @@ Summary: nginx minimal core %if 0%{?with_mailcap_mimetypes} Requires: nginx-mimetypes %endif -Requires: openssl-libs +Requires: openssl%{?openssl_pkgversion}-libs Requires(pre): nginx-filesystem Conflicts: nginx < 1:1.20.2-4 @@ -228,11 +239,7 @@ Requires: gperftools-devel Requires: GeoIP-devel %endif Requires: libxslt-devel -%if 0%{?fedora} || 0%{?rhel} >= 8 -Requires: openssl-devel -%else -Requires: openssl11-devel -%endif +Requires: openssl%{?openssl_pkgversion}-devel Requires: pcre2-devel Requires: perl-devel Requires: perl(ExtUtils::Embed) @@ -254,10 +261,10 @@ sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf %endif -%if 0%{?rhel} == 7 +%if 0%{?openssl_pkgversion} sed \ - -e 's|\(ngx_feature_path=\)$|\1%{_includedir}/openssl11|' \ - -e 's|\(ngx_feature_libs="\)|\1-L%{_libdir}/openssl11 |' \ + -e 's|\(ngx_feature_path=\)$|\1%{_includedir}/openssl%{openssl_pkgversion}|' \ + -e 's|\(ngx_feature_libs="\)|\1-L%{_libdir}/openssl%{openssl_pkgversion} |' \ -i auto/lib/openssl/conf %endif @@ -323,6 +330,9 @@ if ! ./configure \ --with-http_xslt_module=dynamic \ --with-mail=dynamic \ --with-mail_ssl_module \ +%if 0%{?with_ktls} + --with-openssl-opt=enable-ktls \ +%endif --with-pcre \ --with-pcre-jit \ --with-stream=dynamic \ @@ -587,6 +597,11 @@ fi %changelog +* Wed Oct 19 2022 Felix Kaechele - 1:1.22.1-1 +- update 1.22.1 +- build against OpenSSL 3 on EL8 +- enable kTLS support + * Fri Jul 22 2022 Fedora Release Engineering - 1:1.22.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild diff --git a/sources b/sources index d1cfdd9..6342012 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (nginx-1.22.0.tar.gz) = 074782dba9cd5f8f493fbb57e20bda6dc9171814d919a47ee9f825d93f12c9f9d496e25d063c983191b55ad6a236bcef252ce16ecc1d253dc8b23433557559b1 -SHA512 (nginx-1.22.0.tar.gz.asc) = e22738339525c3114eda029a4f81af7d8178e85f39c825165b491d8d8a51828ab2a5fd0df1275350d5832d360fde97bea84b1d2f2fc978505f519d2795ace088 +SHA512 (nginx-1.22.1.tar.gz) = 1d468dcfa9bbd348b8a5dc514ac1428a789e73a92384c039b73a51ce376785f74bf942872c5594a9fcda6bbf44758bd727ce15ac2395f1aa989c507014647dcc +SHA512 (nginx-1.22.1.tar.gz.asc) = 82bd44479db34d4ee2a9e425ff41a27113c08b6d0f4ccd7204dc6e302898319299b9d72b22b6148f33a9ac55d927349ec14568c355aeef174ea17996043168bb