41 changed files with 2754 additions and 1519 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
 1
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,8 @@
-SOURCES/nginx-1.16.1.tar.gz
+*~
-SOURCES/poweredby.png
+nginx*/
 x86_64/
 .*.log
 *swp
 *.rpm
 /nginx-*.tar.gz
 /nginx-*.tar.gz.asc
--- a/.nginx.metadata
+++ b/.nginx.metadata
@ -1,2 +0,0 @@
 77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz
 2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
--- a/0001-remove-Werror-in-upstream-build-scripts.patch
+++ b/0001-remove-Werror-in-upstream-build-scripts.patch
@ -0,0 +1,31 @@
 From d4b67917818eb4c2bda9ccc5a2677926cfa0cc81 Mon Sep 17 00:00:00 2001
 From: Felix Kaechele <felix@kaechele.ca>
 Date: Sun, 7 Jun 2020 12:14:02 -0400
 Subject: [PATCH 1/3] remove Werror in upstream build scripts
 removes -Werror in upstream build scripts.  -Werror conflicts with
 -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
 Signed-off-by: Felix Kaechele <felix@kaechele.ca>
 ---
 auto/cc/gcc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/auto/cc/gcc b/auto/cc/gcc
 index a5c5c18fba3f..cdbbadb54023 100644
 --- a/auto/cc/gcc
 +++ b/auto/cc/gcc
@@ -166,7 +166,9 @@ esac
 # stop on warning
 -CFLAGS="$CFLAGS -Werror"
 +# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
 +# to not compile.
 +#CFLAGS="$CFLAGS -Werror"
 # debug
 CFLAGS="$CFLAGS -g"
 -- 
 2.44.0
--- a/0002-fix-PIDFile-handling.patch
+++ b/0002-fix-PIDFile-handling.patch
@ -0,0 +1,108 @@
 From 29c20440c27d6b13a4f933279da59fd8b442f5d7 Mon Sep 17 00:00:00 2001
 From: Felix Kaechele <felix@kaechele.ca>
 Date: Tue, 20 Apr 2021 21:28:18 -0400
 Subject: [PATCH 2/3] fix PIDFile handling
 Corresponding RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1869026
 Rejected upstream: https://trac.nginx.org/nginx/ticket/1897
 Taken from: https://git.launchpad.net/ubuntu/+source/nginx/tree/debian/patches/nginx-fix-pidfile.patch
 From original patch:
 Author: Tj <ubuntu@iam.tj>
 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864
 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876365
 Last-Update: 2020-06-24
 Signed-off-by: Felix Kaechele <felix@kaechele.ca>
 ---
 src/core/nginx.c         | 24 +++++++++++++++++++++---
 src/os/unix/ngx_daemon.c |  8 ++++++--
 2 files changed, 27 insertions(+), 5 deletions(-)
 diff --git a/src/core/nginx.c b/src/core/nginx.c
 index 0deb27b7f98a..23edb59ff105 100644
 --- a/src/core/nginx.c
 +++ b/src/core/nginx.c
@@ -340,14 +340,21 @@ main(int argc, char *const *argv)
         ngx_process = NGX_PROCESS_MASTER;
     }
 +    /* tell-tale to detect if this is parent or child process */
 +    ngx_int_t child_pid = NGX_BUSY;
 +
 #if !(NGX_WIN32)
     if (ngx_init_signals(cycle->log) != NGX_OK) {
         return 1;
     }
 +    /* tell-tale that this code has been executed */
 +    child_pid--;
 +
     if (!ngx_inherited && ccf->daemon) {
 -        if (ngx_daemon(cycle->log) != NGX_OK) {
 +        child_pid = ngx_daemon(cycle->log);
 +        if (child_pid == NGX_ERROR) {
             return 1;
         }
@@ -360,8 +367,19 @@ main(int argc, char *const *argv)
 #endif
 -    if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
 -        return 1;
 +    /* If ngx_daemon() returned the child's PID in the parent process
 +     * after the fork() set ngx_pid to the child_pid, which gets
 +     * written to the PID file, then exit.
 +     * For NGX_WIN32 always write the PID file
 +     * For others, only write it from the parent process */
 +    if (child_pid < NGX_OK || child_pid > NGX_OK) {
 +	ngx_pid = child_pid > NGX_OK ? child_pid : ngx_pid;
 +        if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
 +            return 1;
 +	}
 +    }
 +    if (child_pid > NGX_OK) {
 +        exit(0);
     }
     if (ngx_log_redirect_stderr(cycle) != NGX_OK) {
 diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c
 index 385c49b6c3d1..3719854c52b0 100644
 --- a/src/os/unix/ngx_daemon.c
 +++ b/src/os/unix/ngx_daemon.c
@@ -7,14 +7,17 @@
 #include <ngx_config.h>
 #include <ngx_core.h>
 +#include <unistd.h>
 ngx_int_t
 ngx_daemon(ngx_log_t *log)
 {
     int  fd;
 +    /* retain the return value for passing back to caller */
 +    pid_t pid_child = fork();
 -    switch (fork()) {
 +    switch (pid_child) {
     case -1:
         ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed");
         return NGX_ERROR;
@@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log)
         break;
     default:
 -        exit(0);
 +        /* let caller do the exit() */
 +        return pid_child;
     }
     ngx_parent = ngx_pid;
 -- 
 2.44.0
--- a/0003-Add-SSL-passphrase-dialog.patch
+++ b/0003-Add-SSL-passphrase-dialog.patch
@ -0,0 +1,749 @@
 From 679397c62265a5ee93953d0913dc834b163a5aec Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
 Date: Wed, 22 May 2024 22:23:08 +0200
 Subject: [PATCH 3/3] Add SSL passphrase dialog
 ---
 contrib/vim/syntax/nginx.vim             |   1 +
 src/event/ngx_event_openssl.c            | 126 +++++++++++++++++++++--
 src/event/ngx_event_openssl.h            |  14 ++-
 src/http/modules/ngx_http_grpc_module.c  |   2 +-
 src/http/modules/ngx_http_proxy_module.c |   2 +-
 src/http/modules/ngx_http_ssl_module.c   |  70 ++++++++++++-
 src/http/modules/ngx_http_ssl_module.h   |   2 +
 src/http/modules/ngx_http_uwsgi_module.c |   2 +-
 src/mail/ngx_mail_ssl_module.c           |  66 +++++++++++-
 src/mail/ngx_mail_ssl_module.h           |   2 +
 src/stream/ngx_stream_proxy_module.c     |   2 +-
 src/stream/ngx_stream_ssl_module.c       |  61 ++++++++++-
 src/stream/ngx_stream_ssl_module.h       |   2 +
 13 files changed, 335 insertions(+), 17 deletions(-)
 diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim
 index 29eef7a..e7227eb 100644
 --- a/contrib/vim/syntax/nginx.vim
 +++ b/contrib/vim/syntax/nginx.vim
@@ -593,6 +593,7 @@ syn keyword ngxDirective contained ssl_ocsp
 syn keyword ngxDirective contained ssl_ocsp_cache
 syn keyword ngxDirective contained ssl_ocsp_responder
 syn keyword ngxDirective contained ssl_password_file
 +syn keyword ngxDirective contained ssl_pass_phrase_dialog
 syn keyword ngxDirective contained ssl_prefer_server_ciphers
 syn keyword ngxDirective contained ssl_preread
 syn keyword ngxDirective contained ssl_protocols
 diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
 index 89f277f..6f7f2a2 100644
 --- a/src/event/ngx_event_openssl.c
 +++ b/src/event/ngx_event_openssl.c
@@ -11,6 +11,7 @@
 #define NGX_SSL_PASSWORD_BUFFER_SIZE  4096
 +#define NGX_PASS_PHRASE_ARG_MAX_LEN   255
 typedef struct {
@@ -21,7 +22,7 @@ typedef struct {
 static X509 *ngx_ssl_load_certificate(ngx_pool_t *pool, char **err,
     ngx_str_t *cert, STACK_OF(X509) **chain);
 static EVP_PKEY *ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
 -    ngx_str_t *key, ngx_array_t *passwords);
 +    ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg);
 static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
     void *userdata);
 static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
@@ -85,6 +86,12 @@ static time_t ngx_ssl_parse_time(
 #endif
     ASN1_TIME *asn1time, ngx_log_t *log);
 +static int ngx_ssl_read_pstream(const char *cmd, char *buf,
 +    ngx_int_t bufsize);
 +
 +static int ngx_ssl_pass_phrase_callback(char *buf, int bufsize,
 +    int rwflag, void *u);
 +
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
@@ -432,7 +439,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
 ngx_int_t
 ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
 -    ngx_array_t *keys, ngx_array_t *passwords)
 +    ngx_array_t *keys, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg)
 {
     ngx_str_t   *cert, *key;
     ngx_uint_t   i;
@@ -442,7 +449,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
     for (i = 0; i < certs->nelts; i++) {
 -        if (ngx_ssl_certificate(cf, ssl, &cert[i], &key[i], passwords)
 +        if (ngx_ssl_certificate(cf, ssl, &cert[i], &key[i], passwords, dlg)
             != NGX_OK)
         {
             return NGX_ERROR;
@@ -455,12 +462,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
 ngx_int_t
 ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
 -    ngx_str_t *key, ngx_array_t *passwords)
 +    ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg)
 {
     char            *err;
     X509            *x509;
     EVP_PKEY        *pkey;
     STACK_OF(X509)  *chain;
 +    EVP_PKEY        *pubkey;
     x509 = ngx_ssl_load_certificate(cf->pool, &err, cert, &chain);
     if (x509 == NULL) {
@@ -550,8 +558,23 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
     }
 #endif
 -    pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords);
 -    if (pkey == NULL) {
 +    pubkey = X509_get_pubkey(x509);
 +    if (!pubkey) {
 +        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 +                          "X509_get_pubkey() failed");
 +        return NGX_ERROR;
 +    }
 +
 +    if (dlg) {
 +         dlg->cryptosystem = EVP_PKEY_get_base_id(pubkey);
 +    }
 +
 +    EVP_PKEY_free(pubkey);
 +
 +    pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords, dlg);
 +    if (ngx_test_config) {
 +        return NGX_OK;
 +    } else if (pkey == NULL) {
         if (err != NULL) {
             ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                           "cannot load certificate key \"%s\": %s",
@@ -621,7 +644,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
 #endif
 -    pkey = ngx_ssl_load_certificate_key(pool, &err, key, passwords);
 +    pkey = ngx_ssl_load_certificate_key(pool, &err, key, passwords, NULL);
     if (pkey == NULL) {
         if (err != NULL) {
             ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
@@ -734,10 +757,82 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
     return x509;
 }
 +static int
 +ngx_ssl_read_pstream(const char *cmd, char *buf, ngx_int_t bufsize)
 +{
 +    FILE       *fp;
 +    ngx_int_t i;
 +    char c;
 +
 +    fp = popen(cmd, "r");
 +    if (fp == NULL) {
 +        return -1;
 +    }
 +
 +    for (i = 0; (c = fgetc(fp)) != EOF &&
 +            (i < bufsize - 1); i++) {
 +
 +        if (c == '\n' || c == '\r'){
 +            break;
 +        }
 +
 +        buf[i] = c;
 +    }
 +    buf[i] = '\0';
 +
 +    pclose(fp);
 +
 +    return 0;
 +}
 +
 +static int
 +ngx_ssl_pass_phrase_callback(char *buf, int bufsize, int rwflag, void *u)
 +{
 +    u_char cmd[NGX_PASS_PHRASE_ARG_MAX_LEN + 1] = {0};
 +    u_char *cmd_end;
 +    ngx_ssl_ppdialog_conf_t *dlg              = (ngx_ssl_ppdialog_conf_t *)u;
 +    ngx_str_t *pass_phrase_dialog             = dlg->data;
 +    char cryptosystem[4] = {0};
 +    int ret;
 +
 +    /* remove exec: str from pass_phrase_dialog */
 +    pass_phrase_dialog->data = pass_phrase_dialog->data + 5;
 +    pass_phrase_dialog->len  = pass_phrase_dialog->len - 5;
 +
 +    switch (dlg->cryptosystem){
 +        case EVP_PKEY_RSA:
 +            strncpy(cryptosystem, "RSA", 4);
 +            break;
 +        case EVP_PKEY_DSA:
 +            strncpy(cryptosystem, "DSA", 4);
 +            break;
 +        case EVP_PKEY_EC:
 +            strncpy(cryptosystem, "EC", 3);
 +            break;
 +        case EVP_PKEY_DH:
 +            strncpy(cryptosystem, "DH", 3);
 +            break;
 +        default:
 +            strncpy(cryptosystem, "UNK", 4);
 +            break;
 +    }
 +
 +    cmd_end = ngx_snprintf(cmd, NGX_PASS_PHRASE_ARG_MAX_LEN, "%V %V %s",
 +                         pass_phrase_dialog, dlg->server, cryptosystem);
 +    *cmd_end = '\0';
 +
 +    ngx_log_stderr(0, "Executing external script: %s\n", cmd);
 +
 +    if ((ret = ngx_ssl_read_pstream((char *)cmd, buf, bufsize)) != 0){
 +        return -1;
 +    }
 +
 +    return strlen(buf);
 +}
 static EVP_PKEY *
 ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
 -    ngx_str_t *key, ngx_array_t *passwords)
 +    ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg)
 {
     BIO              *bio;
     EVP_PKEY         *pkey;
@@ -825,6 +920,21 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
         tries = 1;
         pwd = NULL;
         cb = NULL;
 +
 +        /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */
 +        if (dlg && ngx_strncasecmp(dlg->data->data, (u_char *)"exec:", 5) == 0){
 +           pwd = (void *)dlg;
 +           cb = ngx_ssl_pass_phrase_callback;
 +        } else {
 +           pwd = NULL;
 +           cb = NULL;
 +        }
 +    }
 +
 +    /* skip decrypting private keys in config test phase to avoid
 +       asking for pass phase twice */
 +    if (ngx_test_config){
 +        return NULL;
     }
     for ( ;; ) {
 diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
 index ebb2c35..761f48d 100644
 --- a/src/event/ngx_event_openssl.h
 +++ b/src/event/ngx_event_openssl.h
@@ -82,9 +82,19 @@
 #define ERR_peek_error_data(d, f)    ERR_peek_error_line_data(NULL, NULL, d, f)
 #endif
 +#define NGX_SSL_PASS_PHRASE_ARG_MAX_LEN  255
 +#define NGX_SSL_PASS_PHRASE_DEFAULT_VAL "builtin"
 +#define NGX_SSL_SERVER_NULL             "undefined"
 typedef struct ngx_ssl_ocsp_s  ngx_ssl_ocsp_t;
 +typedef struct ngx_ssl_ppdialog_conf_s ngx_ssl_ppdialog_conf_t;
 +
 +struct ngx_ssl_ppdialog_conf_s {
 +    ngx_str_t                  *data;
 +    ngx_str_t                  *server;
 +    ngx_int_t                  cryptosystem;
 +};
 struct ngx_ssl_s {
     SSL_CTX                    *ctx;
@@ -192,9 +202,9 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log);
 ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
 ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl,
 -    ngx_array_t *certs, ngx_array_t *keys, ngx_array_t *passwords);
 +    ngx_array_t *certs, ngx_array_t *keys, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg);
 ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
 -    ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
 +    ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg);
 ngx_int_t ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
     ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
 diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
 index dfe49c5..904263d 100644
 --- a/src/http/modules/ngx_http_grpc_module.c
 +++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4983,7 +4983,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
             if (ngx_ssl_certificate(cf, glcf->upstream.ssl,
                                     &glcf->upstream.ssl_certificate->value,
                                     &glcf->upstream.ssl_certificate_key->value,
 -                                    glcf->upstream.ssl_passwords)
 +                                    glcf->upstream.ssl_passwords, NULL)
                 != NGX_OK)
             {
                 return NGX_ERROR;
 diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
 index 9cc202c..2c938d7 100644
 --- a/src/http/modules/ngx_http_proxy_module.c
 +++ b/src/http/modules/ngx_http_proxy_module.c
@@ -5032,7 +5032,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
             if (ngx_ssl_certificate(cf, plcf->upstream.ssl,
                                     &plcf->upstream.ssl_certificate->value,
                                     &plcf->upstream.ssl_certificate_key->value,
 -                                    plcf->upstream.ssl_passwords)
 +                                    plcf->upstream.ssl_passwords, NULL)
                 != NGX_OK)
             {
                 return NGX_ERROR;
 diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
 index 1c92d9f..35132b9 100644
 --- a/src/http/modules/ngx_http_ssl_module.c
 +++ b/src/http/modules/ngx_http_ssl_module.c
@@ -21,6 +21,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
 #define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
 #define NGX_DEFAULT_ECDH_CURVE  "auto"
 +static ngx_str_t ngx_ssl_server_null = ngx_string(NGX_SSL_SERVER_NULL);
 +
 #define NGX_HTTP_ALPN_PROTOS    "\x08http/1.1\x08http/1.0\x08http/0.9"
@@ -59,6 +61,9 @@ static ngx_int_t ngx_http_ssl_quic_compat_init(ngx_conf_t *cf,
     ngx_http_conf_addr_t *addr);
 #endif
 +static char *ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd,
 +    void *conf);
 +
 static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
     { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
@@ -290,6 +295,13 @@ static ngx_command_t  ngx_http_ssl_commands[] = {
       offsetof(ngx_http_ssl_srv_conf_t, reject_handshake),
       NULL },
 +    { ngx_string("ssl_pass_phrase_dialog"),
 +      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
 +      ngx_conf_set_pass_phrase_dialog,
 +      NGX_HTTP_SRV_CONF_OFFSET,
 +      offsetof(ngx_http_ssl_srv_conf_t, pass_phrase_dialog),
 +      NULL },
 +
       ngx_null_command
 };
@@ -609,6 +621,7 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
      *     sscf->ocsp_responder = { 0, NULL };
      *     sscf->stapling_file = { 0, NULL };
      *     sscf->stapling_responder = { 0, NULL };
 +     *     sscf->pass_phrase_dialog = NULL;
      */
     sscf->prefer_server_ciphers = NGX_CONF_UNSET;
@@ -639,6 +652,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 {
     ngx_http_ssl_srv_conf_t *prev = parent;
     ngx_http_ssl_srv_conf_t *conf = child;
 +    ngx_http_core_srv_conf_t  *cscf;
 +    ngx_ssl_ppdialog_conf_t    dlg;
     ngx_pool_cleanup_t  *cln;
@@ -694,6 +709,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_conf_merge_str_value(conf->stapling_responder,
                          prev->stapling_responder, "");
 +    ngx_conf_merge_str_value(conf->pass_phrase_dialog,
 +                         prev->pass_phrase_dialog, NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
 +
     conf->ssl.log = cf->log;
     if (conf->certificates) {
@@ -726,6 +744,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     cln->handler = ngx_ssl_cleanup_ctx;
     cln->data = &conf->ssl;
 +    /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */
 +    if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)"exec:", 5) == 0){
 +       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +            "ssl_pass_phrase_dialog config directive SET: %s ", conf->pass_phrase_dialog.data);
 +    } else if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)NGX_SSL_PASS_PHRASE_DEFAULT_VAL,
 +               sizeof(NGX_SSL_PASS_PHRASE_DEFAULT_VAL)) != 0){
 +
 +       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +            "ssl_pass_phrase_dialog config directive accepts only the following "
 +            "values: %s | exec:filepath", NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
 +
 +       return NGX_CONF_ERROR;
 +    }
 +
 +    cscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module);
 +
 +    dlg.data = &conf->pass_phrase_dialog;
 +    if (cscf->server_name.len != 0) {
 +        dlg.server = &cscf->server_name;
 +    } else {
 +        dlg.server = &ngx_ssl_server_null;
 +    }
 +
 +
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
     if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
@@ -776,7 +818,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
         /* configure certificates */
         if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
 -                                 conf->certificate_keys, conf->passwords)
 +                                 conf->certificate_keys, conf->passwords, &dlg)
             != NGX_OK)
         {
             return NGX_CONF_ERROR;
@@ -1329,6 +1371,32 @@ ngx_http_ssl_init(ngx_conf_t *cf)
     return NGX_OK;
 }
 +static char *
 +ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 +{
 +    ngx_http_ssl_srv_conf_t *sscf = conf;
 +    ngx_str_t               *value;
 +
 +    if (sscf->pass_phrase_dialog.data){
 +        return "is duplicate";
 +    }
 +
 +    value = cf->args->elts;
 +
 +    sscf->pass_phrase_dialog = value[1];
 +
 +    if (sscf->pass_phrase_dialog.len == 0) {
 +        return NGX_CONF_OK;
 +    } else if (sscf->pass_phrase_dialog.len > NGX_SSL_PASS_PHRASE_ARG_MAX_LEN) {
 +        ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +            "ssl_pass_phrase_dialog argument length exceeded maximum possible length: %d",
 +            NGX_SSL_PASS_PHRASE_ARG_MAX_LEN);
 +
 +        return NGX_CONF_ERROR;
 +    }
 +
 +    return NGX_CONF_OK;
 +}
 #if (NGX_QUIC_OPENSSL_COMPAT)
 diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
 index c69c8ff..79f1506 100644
 --- a/src/http/modules/ngx_http_ssl_module.h
 +++ b/src/http/modules/ngx_http_ssl_module.h
@@ -62,6 +62,8 @@ typedef struct {
     ngx_flag_t                      stapling_verify;
     ngx_str_t                       stapling_file;
     ngx_str_t                       stapling_responder;
 +
 +    ngx_str_t                       pass_phrase_dialog;
 } ngx_http_ssl_srv_conf_t;
 diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
 index c1731ff..ab9d98a 100644
 --- a/src/http/modules/ngx_http_uwsgi_module.c
 +++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2567,7 +2567,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
             if (ngx_ssl_certificate(cf, uwcf->upstream.ssl,
                                     &uwcf->upstream.ssl_certificate->value,
                                     &uwcf->upstream.ssl_certificate_key->value,
 -                                    uwcf->upstream.ssl_passwords)
 +                                    uwcf->upstream.ssl_passwords, NULL)
                 != NGX_OK)
             {
                 return NGX_ERROR;
 diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
 index aebb4cc..5d95f44 100644
 --- a/src/mail/ngx_mail_ssl_module.c
 +++ b/src/mail/ngx_mail_ssl_module.c
@@ -13,6 +13,7 @@
 #define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
 #define NGX_DEFAULT_ECDH_CURVE  "auto"
 +static ngx_str_t ngx_ssl_server_null = ngx_string(NGX_SSL_SERVER_NULL);
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 static int ngx_mail_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
@@ -33,6 +34,8 @@ static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
 static char *ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post,
     void *data);
 +static char *ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd,
 +    void *conf);
 static ngx_conf_enum_t  ngx_mail_starttls_state[] = {
     { ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
@@ -202,6 +205,13 @@ static ngx_command_t  ngx_mail_ssl_commands[] = {
       offsetof(ngx_mail_ssl_conf_t, conf_commands),
       &ngx_mail_ssl_conf_command_post },
 +    { ngx_string("ssl_pass_phrase_dialog"),
 +      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
 +      ngx_conf_set_pass_phrase_dialog,
 +      NGX_MAIL_SRV_CONF_OFFSET,
 +      offsetof(ngx_mail_ssl_conf_t, pass_phrase_dialog),
 +      NULL },
 +
       ngx_null_command
 };
@@ -330,6 +340,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 {
     ngx_mail_ssl_conf_t *prev = parent;
     ngx_mail_ssl_conf_t *conf = child;
 +    ngx_mail_core_srv_conf_t           *cscf;
 +    ngx_ssl_ppdialog_conf_t             dlg;
     char                *mode;
     ngx_pool_cleanup_t  *cln;
@@ -372,6 +384,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
 +    ngx_conf_merge_str_value(conf->pass_phrase_dialog,
 +                         prev->pass_phrase_dialog, NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
     conf->ssl.log = cf->log;
@@ -430,6 +444,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
     cln->handler = ngx_ssl_cleanup_ctx;
     cln->data = &conf->ssl;
 +    /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */
 +    if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)"exec:", 5) == 0){
 +       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +            "ssl_pass_phrase_dialog config directive SET: %s ", conf->pass_phrase_dialog.data);
 +    } else if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)NGX_SSL_PASS_PHRASE_DEFAULT_VAL,
 +               sizeof(NGX_SSL_PASS_PHRASE_DEFAULT_VAL)) != 0){
 +
 +       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +            "ssl_pass_phrase_dialog config directive accepts only the following "
 +            "values: %s | exec:filepath", NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
 +
 +       return NGX_CONF_ERROR;
 +    }
 +
 +    cscf = ngx_mail_conf_get_module_srv_conf(cf, ngx_mail_core_module);
 +
 +    dlg.data = &conf->pass_phrase_dialog;
 +    if (cscf->server_name.len != 0) {
 +        dlg.server = &cscf->server_name;
 +    } else {
 +        dlg.server = &ngx_ssl_server_null;
 +    }
 +
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
     SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_mail_ssl_alpn_select, NULL);
 #endif
@@ -442,7 +479,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
     }
     if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
 -                             conf->certificate_keys, conf->passwords)
 +                             conf->certificate_keys, conf->passwords, &dlg)
         != NGX_OK)
     {
         return NGX_CONF_ERROR;
@@ -692,3 +729,30 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
     return NGX_CONF_OK;
 #endif
 }
 +
 +static char *
 +ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 +{
 +    ngx_mail_ssl_conf_t     *sscf = conf;
 +    ngx_str_t               *value;
 +
 +    if (sscf->pass_phrase_dialog.data){
 +        return "is duplicate";
 +    }
 +
 +    value = cf->args->elts;
 +
 +    sscf->pass_phrase_dialog = value[1];
 +
 +    if (sscf->pass_phrase_dialog.len == 0) {
 +        return NGX_CONF_OK;
 +    } else if (sscf->pass_phrase_dialog.len > NGX_SSL_PASS_PHRASE_ARG_MAX_LEN) {
 +        ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +            "ssl_pass_phrase_dialog argument length exceeded maximum possible length: %d",
 +            NGX_SSL_PASS_PHRASE_ARG_MAX_LEN);
 +
 +        return NGX_CONF_ERROR;
 +    }
 +
 +    return NGX_CONF_OK;
 +}
 diff --git a/src/mail/ngx_mail_ssl_module.h b/src/mail/ngx_mail_ssl_module.h
 index c0eb6a3..02b4d4f 100644
 --- a/src/mail/ngx_mail_ssl_module.h
 +++ b/src/mail/ngx_mail_ssl_module.h
@@ -56,6 +56,8 @@ typedef struct {
     u_char          *file;
     ngx_uint_t       line;
 +
 +    ngx_str_t        pass_phrase_dialog;
 } ngx_mail_ssl_conf_t;
 diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
 index ed275c0..1747aed 100644
 --- a/src/stream/ngx_stream_proxy_module.c
 +++ b/src/stream/ngx_stream_proxy_module.c
@@ -2305,7 +2305,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
             if (ngx_ssl_certificate(cf, pscf->ssl,
                                     &pscf->ssl_certificate->value,
                                     &pscf->ssl_certificate_key->value,
 -                                    pscf->ssl_passwords)
 +                                    pscf->ssl_passwords, NULL)
                 != NGX_OK)
             {
                 return NGX_ERROR;
 diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
 index ba44477..43cd7e0 100644
 --- a/src/stream/ngx_stream_ssl_module.c
 +++ b/src/stream/ngx_stream_ssl_module.c
@@ -17,6 +17,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
 #define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
 #define NGX_DEFAULT_ECDH_CURVE  "auto"
 +#define NGX_SSL_STREAM_NAME             "NGX_STREAM_SSL_MODULE"
 +static ngx_str_t ngx_ssl_stream_default_name = ngx_string(NGX_SSL_STREAM_NAME);
 static ngx_int_t ngx_stream_ssl_handler(ngx_stream_session_t *s);
 static ngx_int_t ngx_stream_ssl_init_connection(ngx_ssl_t *ssl,
@@ -57,6 +59,9 @@ static char *ngx_stream_ssl_alpn(ngx_conf_t *cf, ngx_command_t *cmd,
 static char *ngx_stream_ssl_conf_command_check(ngx_conf_t *cf, void *post,
     void *data);
 +static char *ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd,
 +    void *conf);
 +
 static ngx_int_t ngx_stream_ssl_init(ngx_conf_t *cf);
@@ -233,6 +238,13 @@ static ngx_command_t  ngx_stream_ssl_commands[] = {
       0,
       NULL },
 +    { ngx_string("ssl_pass_phrase_dialog"),
 +      NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
 +      ngx_conf_set_pass_phrase_dialog,
 +      NGX_STREAM_SRV_CONF_OFFSET,
 +      offsetof(ngx_stream_ssl_srv_conf_t, pass_phrase_dialog),
 +      NULL },
 +
       ngx_null_command
 };
@@ -802,6 +814,7 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 {
     ngx_stream_ssl_srv_conf_t *prev = parent;
     ngx_stream_ssl_srv_conf_t *conf = child;
 +    ngx_ssl_ppdialog_conf_t    dlg;
     ngx_pool_cleanup_t  *cln;
@@ -846,6 +859,8 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
 +    ngx_conf_merge_str_value(conf->pass_phrase_dialog,
 +                         prev->pass_phrase_dialog, NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
     conf->ssl.log = cf->log;
@@ -879,6 +894,23 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     cln->handler = ngx_ssl_cleanup_ctx;
     cln->data = &conf->ssl;
 +    /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */
 +    if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)"exec:", 5) == 0){
 +       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +            "ssl_pass_phrase_dialog config directive SET: %s ", conf->pass_phrase_dialog.data);
 +    } else if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)NGX_SSL_PASS_PHRASE_DEFAULT_VAL,
 +               sizeof(NGX_SSL_PASS_PHRASE_DEFAULT_VAL)) != 0){
 +
 +       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +            "ssl_pass_phrase_dialog config directive accepts only the following "
 +            "values: %s | exec:filepath", NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
 +
 +       return NGX_CONF_ERROR;
 +    }
 +
 +    dlg.data = &conf->pass_phrase_dialog;
 +    dlg.server = &ngx_ssl_stream_default_name;
 +
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
     SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
                                            ngx_stream_ssl_servername);
@@ -923,7 +955,7 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
         /* configure certificates */
         if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
 -                                 conf->certificate_keys, conf->passwords)
 +                                 conf->certificate_keys, conf->passwords, &dlg)
             != NGX_OK)
         {
             return NGX_CONF_ERROR;
@@ -1371,3 +1403,30 @@ ngx_stream_ssl_init(ngx_conf_t *cf)
     return NGX_OK;
 }
 +
 +static char *
 +ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 +{
 +    ngx_stream_ssl_srv_conf_t *sscf = conf;
 +    ngx_str_t                 *value;
 +
 +    if (sscf->pass_phrase_dialog.data){
 +        return "is duplicate";
 +    }
 +
 +    value = cf->args->elts;
 +
 +    sscf->pass_phrase_dialog = value[1];
 +
 +    if (sscf->pass_phrase_dialog.len == 0) {
 +        return NGX_CONF_OK;
 +    } else if (sscf->pass_phrase_dialog.len > NGX_SSL_PASS_PHRASE_ARG_MAX_LEN) {
 +        ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +            "ssl_pass_phrase_dialog argument length exceeded maximum possible length: %d",
 +            NGX_SSL_PASS_PHRASE_ARG_MAX_LEN);
 +
 +        return NGX_CONF_ERROR;
 +    }
 +
 +    return NGX_CONF_OK;
 +}
 diff --git a/src/stream/ngx_stream_ssl_module.h b/src/stream/ngx_stream_ssl_module.h
 index 6f6d9ae..870640d 100644
 --- a/src/stream/ngx_stream_ssl_module.h
 +++ b/src/stream/ngx_stream_ssl_module.h
@@ -53,6 +53,8 @@ typedef struct {
     ngx_flag_t       session_tickets;
     ngx_array_t     *session_ticket_keys;
 +
 +    ngx_str_t        pass_phrase_dialog;
 } ngx_stream_ssl_srv_conf_t;
 -- 
 2.44.0
--- a/0004-Disable-ENGINE-support.patch
+++ b/0004-Disable-ENGINE-support.patch
@ -0,0 +1,96 @@
 From 5dd0765607135a418289bc4a20060f31eeaede73 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
 Date: Tue, 2 Jul 2024 18:29:18 +0200
 Subject: [PATCH] Disable ENGINE support
 ---
 auto/options                  | 3 +++
 configure                     | 4 ++++
 src/event/ngx_event_openssl.c | 7 +++----
 src/event/ngx_event_openssl.h | 2 +-
 4 files changed, 11 insertions(+), 5 deletions(-)
 diff --git a/auto/options b/auto/options
 index 6a6e990..3cc983d 100644
 --- a/auto/options
 +++ b/auto/options
@@ -45,6 +45,8 @@ USE_THREADS=NO
 NGX_FILE_AIO=NO
 +NGX_SSL_NO_ENGINE=NO
 +
 QUIC_BPF=NO
 HTTP=YES
@@ -373,6 +375,7 @@ use the \"--with-mail_ssl_module\" option instead"
         --with-openssl=*)                OPENSSL="$value"           ;;
         --with-openssl-opt=*)            OPENSSL_OPT="$value"       ;;
 +        --without-engine)                NGX_SSL_NO_ENGINE=YES      ;;
         --with-md5=*)
             NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG
 diff --git a/configure b/configure
 index 5b88ebb..3a2129e 100755
 --- a/configure
 +++ b/configure
@@ -104,6 +104,10 @@ have=NGX_HTTP_UWSGI_TEMP_PATH value="\"$NGX_HTTP_UWSGI_TEMP_PATH\""
 have=NGX_HTTP_SCGI_TEMP_PATH value="\"$NGX_HTTP_SCGI_TEMP_PATH\""
 . auto/define
 +if [ $NGX_SSL_NO_ENGINE = YES ]; then
 +    have=NGX_SSL_NO_ENGINE . auto/have
 +fi
 +
 . auto/make
 . auto/lib/make
 . auto/install
 diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
 index 6f7f2a2..f939706 100644
 --- a/src/event/ngx_event_openssl.c
 +++ b/src/event/ngx_event_openssl.c
@@ -842,7 +842,7 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
     if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
 -#ifndef OPENSSL_NO_ENGINE
 +#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
         u_char  *p, *last;
         ENGINE  *engine;
@@ -6119,8 +6119,7 @@ ngx_openssl_create_conf(ngx_cycle_t *cycle)
 static char *
 ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
 -#ifndef OPENSSL_NO_ENGINE
 -
 +#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
     ngx_openssl_conf_t *oscf = conf;
     ENGINE     *engine;
@@ -6170,7 +6169,7 @@ ngx_openssl_exit(ngx_cycle_t *cycle)
 #if OPENSSL_VERSION_NUMBER < 0x10100003L
     EVP_cleanup();
 -#ifndef OPENSSL_NO_ENGINE
 +#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
     ENGINE_cleanup();
 #endif
 diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
 index 761f48d..c60b16d 100644
 --- a/src/event/ngx_event_openssl.h
 +++ b/src/event/ngx_event_openssl.h
@@ -20,7 +20,7 @@
 #include <openssl/conf.h>
 #include <openssl/crypto.h>
 #include <openssl/dh.h>
 -#ifndef OPENSSL_NO_ENGINE
 +#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
 #include <openssl/engine.h>
 #endif
 #include <openssl/evp.h>
 -- 
 2.44.0
--- a/SOURCES/nginx-1.14.1-perl-module-hardening.patch
+++ b/SOURCES/nginx-1.14.1-perl-module-hardening.patch
@ -1,3 +1,12 @@
 From 1d10021f057d2047a044078a6af8e27af790ddec Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
 Date: Wed, 31 Jul 2024 17:47:10 +0200
 Subject: [PATCH] Compile perl module with O2
 ---
 src/http/modules/perl/Makefile.PL | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/http/modules/perl/Makefile.PL b/src/http/modules/perl/Makefile.PL
 index 7edadcb..2ebb7c4 100644
 --- a/src/http/modules/perl/Makefile.PL
@ -11,3 +20,6 @@ index 7edadcb..2ebb7c4 100644
     LDDLFLAGS         => "$ENV{NGX_PM_LDFLAGS}",
 -- 
 2.44.0
--- a/SOURCES/README.dynamic
+++ b/SOURCES/README.dynamic
@ -16,5 +16,5 @@ Prevent dynamic modules from being enabled automatically
 You may want to avoid dynamic modules being enabled automatically. Simply
 remove this line from the top of /etc/nginx/nginx.conf:
-    include /usr/lib64/nginx/modules/*.conf;
+    include /usr/share/nginx/modules/*.conf;
--- a/SOURCES/404.html
+++ b/SOURCES/404.html
@ -1,120 +0,0 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <title>The page is not found</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <style type="text/css">
            /*<![CDATA[*/
            body {
                background-color: #fff;
                color: #000;
                font-size: 0.9em;
                font-family: sans-serif,helvetica;
                margin: 0;
                padding: 0;
            }
            :link {
                color: #c00;
            }
            :visited {
                color: #c00;
            }
            a:hover {
                color: #f50;
            }
            h1 {
                text-align: center;
                margin: 0;
                padding: 0.6em 2em 0.4em;
                background-color: #900;
                color: #fff;
                font-weight: normal;
                font-size: 1.75em;
                border-bottom: 2px solid #000;
            }
            h1 strong {
                font-weight: bold;
                font-size: 1.5em;
            }
            h2 {
                text-align: center;
                background-color: #900;
                font-size: 1.1em;
                font-weight: bold;
                color: #fff;
                margin: 0;
                padding: 0.5em;
                border-bottom: 2px solid #000;
            }
            h3 {
                text-align: center;
                background-color: #ff0000;
                padding: 0.5em;
                color: #fff;
            }
            hr {
                display: none;
            }
            .content {
                padding: 1em 5em;
            }
            .alert {
                border: 2px solid #000;
            }
            img {
                border: 2px solid #fff;
                padding: 2px;
                margin: 2px;
            }
            a:hover img {
                border: 2px solid #294172;
            }
            .logos {
                margin: 1em;
                text-align: center;
            }
            /*]]>*/
        </style>
    </head>
    <body>
        <h1><strong>nginx error!</strong></h1>
        <div class="content">
            <h3>The page you are looking for is not found.</h3>
            <div class="alert">
                <h2>Website Administrator</h2>
                <div class="content">
                    <p>Something has triggered missing webpage on your
                    website. This is the default 404 error page for
                    <strong>nginx</strong> that is distributed with
                    Red Hat Enterprise Linux.  It is located
                    <tt>/usr/share/nginx/html/404.html</tt></p>
                    <p>You should customize this error page for your own
                    site or edit the <tt>error_page</tt> directive in
                    the <strong>nginx</strong> configuration file
                    <tt>/etc/nginx/nginx.conf</tt>.</p>
                    <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
                </div>
            </div>
            <div class="logos">
                <a href="http://nginx.net/"><img
                    src="nginx-logo.png" 
                    alt="[ Powered by nginx ]"
                    width="121" height="32" /></a>
                <a href="http://www.redhat.com/"><img
                    src="poweredby.png"
                    alt="[ Powered by Red Hat Enterprise Linux ]"
                    width="88" height="31" /></a>
            </div>
        </div>
    </body>
 </html>
--- a/SOURCES/50x.html
+++ b/SOURCES/50x.html
@ -1,120 +0,0 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <title>The page is temporarily unavailable</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <style type="text/css">
            /*<![CDATA[*/
            body {
                background-color: #fff;
                color: #000;
                font-size: 0.9em;
                font-family: sans-serif,helvetica;
                margin: 0;
                padding: 0;
            }
            :link {
                color: #c00;
            }
            :visited {
                color: #c00;
            }
            a:hover {
                color: #f50;
            }
            h1 {
                text-align: center;
                margin: 0;
                padding: 0.6em 2em 0.4em;
                background-color: #900;
                color: #fff;
                font-weight: normal;
                font-size: 1.75em;
                border-bottom: 2px solid #000;
            }
            h1 strong {
                font-weight: bold;
                font-size: 1.5em;
            }
            h2 {
                text-align: center;
                background-color: #900;
                font-size: 1.1em;
                font-weight: bold;
                color: #fff;
                margin: 0;
                padding: 0.5em;
                border-bottom: 2px solid #000;
            }
            h3 {
                text-align: center;
                background-color: #ff0000;
                padding: 0.5em;
                color: #fff;
            }
            hr {
                display: none;
            }
            .content {
                padding: 1em 5em;
            }
            .alert {
                border: 2px solid #000;
            }
            img {
                border: 2px solid #fff;
                padding: 2px;
                margin: 2px;
            }
            a:hover img {
                border: 2px solid #294172;
            }
            .logos {
                margin: 1em;
                text-align: center;
            }
            /*]]>*/
        </style>
    </head>
    <body>
        <h1><strong>nginx error!</strong></h1>
        <div class="content">
            <h3>The page you are looking for is temporarily unavailable.  Please try again later.</h3>
            <div class="alert">
                <h2>Website Administrator</h2>
                <div class="content">
                    <p>Something has triggered missing webpage on your
                    website. This is the default error page for
                    <strong>nginx</strong> that is distributed with
                    Red Hat Enterprise Linux.  It is located
                    <tt>/usr/share/nginx/html/50x.html</tt></p>
                    <p>You should customize this error page for your own
                    site or edit the <tt>error_page</tt> directive in
                    the <strong>nginx</strong> configuration file
                    <tt>/etc/nginx/nginx.conf</tt>.</p>
                    <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
                </div>
            </div>
            <div class="logos">
                <a href="http://nginx.net/"><img
                    src="nginx-logo.png" 
                    alt="[ Powered by nginx ]"
                    width="121" height="32" /></a>
                <a href="http://www.redhat.com/"><img
                    src="poweredby.png"
                    alt="[ Powered by Red Hat Enterprise Linux ]"
                    width="88" height="31" /></a>
            </div>
        </div>
    </body>
 </html>
--- a/SOURCES/index.html
+++ b/SOURCES/index.html
@ -1,117 +0,0 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <title>Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <style type="text/css">
            /*<![CDATA[*/
            body {
                background-color: #fff;
                color: #000;
                font-size: 0.9em;
                font-family: sans-serif,helvetica;
                margin: 0;
                padding: 0;
            }
            :link {
                color: #c00;
            }
            :visited {
                color: #c00;
            }
            a:hover {
                color: #f50;
            }
            h1 {
                text-align: center;
                margin: 0;
                padding: 0.6em 2em 0.4em;
                background-color: #900;
                color: #fff;
                font-weight: normal;
                font-size: 1.75em;
                border-bottom: 2px solid #000;
            }
            h1 strong {
                font-weight: bold;
                font-size: 1.5em;
            }
            h2 {
                text-align: center;
                background-color: #900;
                font-size: 1.1em;
                font-weight: bold;
                color: #fff;
                margin: 0;
                padding: 0.5em;
                border-bottom: 2px solid #000;
            }
            hr {
                display: none;
            }
            .content {
                padding: 1em 5em;
            }
            .alert {
                border: 2px solid #000;
            }
            img {
                border: 2px solid #fff;
                padding: 2px;
                margin: 2px;
            }
            a:hover img {
                border: 2px solid #294172;
            }
            .logos {
                margin: 1em;
                text-align: center;
            }
            /*]]>*/
        </style>
    </head>
    <body>
        <h1>Welcome to <strong>nginx</strong> on Red Hat Enterprise Linux!</h1>
        <div class="content">
            <p>This page is used to test the proper operation of the
            <strong>nginx</strong> HTTP server after it has been
            installed. If you can read this page, it means that the
            web server installed at this site is working
            properly.</p>
            <div class="alert">
                <h2>Website Administrator</h2>
                <div class="content">
                    <p>This is the default <tt>index.html</tt> page that
                    is distributed with <strong>nginx</strong> on
                    Red Hat Enterprise Linux.  It is located in
                    <tt>/usr/share/nginx/html</tt>.</p>
                    <p>You should now put your content in a location of
                    your choice and edit the <tt>root</tt> configuration
                    directive in the <strong>nginx</strong>
                    configuration file
                    <tt>/etc/nginx/nginx.conf</tt>.</p>
                    <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
                </div>
            </div>
            <div class="logos">
                <a href="http://nginx.net/"><img
                    src="nginx-logo.png" 
                    alt="[ Powered by nginx ]"
                    width="121" height="32" /></a>
                <a href="http://www.redhat.com/"><img
                    src="poweredby.png"
                    alt="[ Powered by Red Hat Enterprise Linux ]"
                    width="88" height="31" /></a>
            </div>
        </div>
    </body>
 </html>
--- a/SOURCES/nginx-1.14.0-logs-perm.patch
+++ b/SOURCES/nginx-1.14.0-logs-perm.patch
@ -1,13 +0,0 @@
 diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
 index aee7a58..bcceecb 100644
 --- a/src/core/ngx_cycle.c
 +++ b/src/core/ngx_cycle.c
@@ -1108,7 +1108,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user)
         }
         fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND,
 -                           NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS);
 +                           NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS | 0220);
         ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
                        "reopen file \"%s\", old:%d new:%d",
--- a/SOURCES/nginx-1.16.0-enable-tls1v3-by-default.patch
+++ b/SOURCES/nginx-1.16.0-enable-tls1v3-by-default.patch
@ -1,157 +0,0 @@
 diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
 index 345914f..d23967f 100644
 --- a/src/event/ngx_event_openssl.c
 +++ b/src/event/ngx_event_openssl.c
@@ -252,6 +252,8 @@ ngx_ssl_init(ngx_log_t *log)
 ngx_int_t
 ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
 {
 +    ngx_uint_t prot = NGX_SSL_NO_PROT;
 +
     ssl->ctx = SSL_CTX_new(SSLv23_method());
     if (ssl->ctx == NULL) {
@@ -316,49 +318,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
 -#if OPENSSL_VERSION_NUMBER >= 0x009080dfL
 -    /* only in 0.9.8m+ */
 -    SSL_CTX_clear_options(ssl->ctx,
 -                          SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
 -#endif
 -
 -    if (!(protocols & NGX_SSL_SSLv2)) {
 -        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
 -    }
 -    if (!(protocols & NGX_SSL_SSLv3)) {
 -        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
 -    }
 -    if (!(protocols & NGX_SSL_TLSv1)) {
 -        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
 -    }
 -#ifdef SSL_OP_NO_TLSv1_1
 -    SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
 -    if (!(protocols & NGX_SSL_TLSv1_1)) {
 -        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
 -    }
 +    if (protocols){
 +#ifdef SSL_OP_NO_TLSv1_3
 +        if (protocols & NGX_SSL_TLSv1_3) {
 +            prot = TLS1_3_VERSION;
 +        } else
 #endif
 #ifdef SSL_OP_NO_TLSv1_2
 -    SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
 -    if (!(protocols & NGX_SSL_TLSv1_2)) {
 -        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
 -    }
 +        if (protocols & NGX_SSL_TLSv1_2) {
 +            prot =  TLS1_2_VERSION;
 +        } else
 #endif
 -#ifdef SSL_OP_NO_TLSv1_3
 -    SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
 -    if (!(protocols & NGX_SSL_TLSv1_3)) {
 -        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
 -    }
 +#ifdef SSL_OP_NO_TLSv1_1
 +        if (protocols & NGX_SSL_TLSv1_1) {
 +            prot = TLS1_1_VERSION;
 +        } else
 #endif
 +        if (protocols & NGX_SSL_TLSv1) {
 +            prot = TLS1_VERSION;
 +        }
 +
 +        if (prot == NGX_SSL_NO_PROT) {
 +                    ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 +                      "No SSL protocols available [hint: ssl_protocols]");
 +            return NGX_ERROR;
 +        }
 -#ifdef SSL_CTX_set_min_proto_version
 -    SSL_CTX_set_min_proto_version(ssl->ctx, 0);
 -    SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION);
 +        SSL_CTX_set_max_proto_version(ssl->ctx, prot);
 +
 +        /* Now, we have to scan for minimal protocol version,
 +         *without allowing holes between min and max*/
 +#if SSL_OP_NO_TLSv1_3
 +        if ((prot == TLS1_3_VERSION) && (protocols & NGX_SSL_TLSv1_2)) {
 +            prot = TLS1_2_VERSION;
 +        }
 #endif
 -#ifdef TLS1_3_VERSION
 -    SSL_CTX_set_min_proto_version(ssl->ctx, 0);
 -    SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);
 +#ifdef SSL_OP_NO_TLSv1_1
 +        if ((prot == TLS1_2_VERSION) && (protocols & NGX_SSL_TLSv1_1)) {
 +            prot = TLS1_1_VERSION;
 +        }
 +#endif
 +#ifdef SSL_OP_NO_TLSv1_2
 +        if ((prot == TLS1_1_VERSION) && (protocols & NGX_SSL_TLSv1)) {
 +            prot = TLS1_VERSION;
 +        }
 #endif
 +        SSL_CTX_set_min_proto_version(ssl->ctx, prot);
 +    }
 #ifdef SSL_OP_NO_COMPRESSION
     SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
 diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
 index 61da0c5..fa7ac41 100644
 --- a/src/event/ngx_event_openssl.h
 +++ b/src/event/ngx_event_openssl.h
@@ -145,6 +145,7 @@ typedef struct {
 #endif
 +#define NGX_SSL_NO_PROT  0x0000
 #define NGX_SSL_SSLv2    0x0002
 #define NGX_SSL_SSLv3    0x0004
 #define NGX_SSL_TLSv1    0x0008
 diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
 index b3f8f47..8340a12 100644
 --- a/src/http/modules/ngx_http_ssl_module.c
 +++ b/src/http/modules/ngx_http_ssl_module.c
@@ -613,8 +613,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
 -                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
 -                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
 +                         0)
     ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
                          NGX_SSL_BUFSIZE);
 diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
 index 5544f75..3316a4b 100644
 --- a/src/mail/ngx_mail_ssl_module.c
 +++ b/src/mail/ngx_mail_ssl_module.c
@@ -291,8 +291,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
                          prev->prefer_server_ciphers, 0);
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
 -                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
 -                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
 +                         0);
     ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
     ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
 diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
 index ec9524e..37af046 100644
 --- a/src/stream/ngx_stream_ssl_module.c
 +++ b/src/stream/ngx_stream_ssl_module.c
@@ -625,8 +625,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
                          prev->prefer_server_ciphers, 0);
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
 -                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
 -                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
 +                         0);
     ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
     ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
--- a/SOURCES/nginx-1.16.0-pkcs11.patch
+++ b/SOURCES/nginx-1.16.0-pkcs11.patch
@ -1,29 +0,0 @@
 diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
 index 7be4fb4..ab3865a 100644
 --- a/src/event/ngx_event_openssl.c
 +++ b/src/event/ngx_event_openssl.c
@@ -727,16 +727,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
             return NULL;
         }
 +        if (!ENGINE_init(engine)) {
 +            *err = "ENGINE_init() failed";
 +            ENGINE_free(engine);
 +            return NULL;
 +        }
 +
         *last++ = ':';
         pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
         if (pkey == NULL) {
             *err = "ENGINE_load_private_key() failed";
 +            ENGINE_finish(engine);
             ENGINE_free(engine);
             return NULL;
         }
 +        ENGINE_finish(engine);
         ENGINE_free(engine);
         return pkey;
--- a/SOURCES/nginx-auto-cc-gcc.patch
+++ b/SOURCES/nginx-auto-cc-gcc.patch
@ -1,13 +0,0 @@
 --- auto/cc/gcc.orig	2007-03-22 08:34:53.000000000 -0600
 +++ auto/cc/gcc	2007-03-22 08:58:47.000000000 -0600
@@ -172,7 +172,9 @@
 # stop on warning
 -CFLAGS="$CFLAGS -Werror"
 +# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
 +# to not compile.
 +#CFLAGS="$CFLAGS -Werror"
 # debug
 CFLAGS="$CFLAGS -g"
--- a/SPECS/nginx.spec
+++ b/SPECS/nginx.spec
@ -1,912 +0,0 @@
 %global  _hardened_build     1
 %global  nginx_user          nginx
 # Disable strict symbol checks in the link editor.
 # See: https://src.fedoraproject.org/rpms/redhat-rpm-config/c/078af19
 %undefine _strict_symbol_defs_build
 %global with_gperftools 0
 %bcond_with geoip
 %global with_aio 1
 %if 0%{?fedora} > 22
 %global with_mailcap_mimetypes 1
 %endif
 Name:              nginx
 Epoch:             1
 Version:           1.16.1
 Release:           1%{?dist}
 Summary:           A high performance web server and reverse proxy server
 Group:             System Environment/Daemons
 # BSD License (two clause)
 # http://www.freebsd.org/copyright/freebsd-license.html
 License:           BSD
 URL:               http://nginx.org/
 Source0:           https://nginx.org/download/nginx-%{version}.tar.gz
 Source10:          nginx.service
 Source11:          nginx.logrotate
 Source12:          nginx.conf
 Source13:          nginx-upgrade
 Source14:          nginx-upgrade.8
 Source100:         index.html
 Source101:         poweredby.png
 Source102:         nginx-logo.png
 Source103:         404.html
 Source104:         50x.html
 Source200:         README.dynamic
 Source210:         UPGRADE-NOTES-1.6-to-1.10
 # removes -Werror in upstream build scripts.  -Werror conflicts with
 # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
 Patch0:            nginx-auto-cc-gcc.patch
 # downstream patch - changing logs permissions to 664 instead
 # previous 644
 Patch1:            nginx-1.14.0-logs-perm.patch
 # PKCS#11 engine fix
 Patch2:            nginx-1.16.0-pkcs11.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1655530
 Patch3:            nginx-1.14.1-perl-module-hardening.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1643647
 Patch4:            nginx-1.16.0-enable-tls1v3-by-default.patch
 %if 0%{?with_gperftools}
 BuildRequires:     gperftools-devel
 %endif
 BuildRequires:     openssl-devel
 BuildRequires:     pcre-devel
 BuildRequires:     zlib-devel
 Requires:          nginx-filesystem = %{epoch}:%{version}-%{release}
 %if 0%{?rhel} > 0 && 0%{?rhel} < 8
 # Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
 Requires:          nginx-all-modules = %{epoch}:%{version}-%{release}
 %endif
 Requires:          openssl
 Requires:          pcre
 Requires(pre):     nginx-filesystem
 %if 0%{?with_mailcap_mimetypes}
 Requires:          nginx-mimetypes
 %endif
 Provides:          webserver
 BuildRequires:     systemd
 Requires(post):    systemd
 Requires(preun):   systemd
 Requires(postun):  systemd
 %description
 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
 IMAP protocols, with a strong focus on high concurrency, performance and low
 memory usage.
 %package all-modules
 Group:             System Environment/Daemons
 Summary:           A meta package that installs all available Nginx modules
 BuildArch:         noarch
 %if %{with geoip}
 Requires:          nginx-mod-http-geoip = %{epoch}:%{version}-%{release}
 %endif
 Requires:          nginx-mod-http-image-filter = %{epoch}:%{version}-%{release}
 Requires:          nginx-mod-http-perl = %{epoch}:%{version}-%{release}
 Requires:          nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release}
 Requires:          nginx-mod-mail = %{epoch}:%{version}-%{release}
 Requires:          nginx-mod-stream = %{epoch}:%{version}-%{release}
 %description all-modules
 A meta package that installs all available Nginx modules.
 %package filesystem
 Group:             System Environment/Daemons
 Summary:           The basic directory layout for the Nginx server
 BuildArch:         noarch
 Requires(pre):     shadow-utils
 %description filesystem
 The nginx-filesystem package contains the basic directory layout
 for the Nginx server including the correct permissions for the
 directories.
 %if %{with geoip}
 %package mod-http-geoip
 Group:             System Environment/Daemons
 Summary:           Nginx HTTP geoip module
 BuildRequires:     GeoIP-devel
 Requires:          nginx
 Requires:          GeoIP
 %description mod-http-geoip
 %{summary}.
 %endif
 %package mod-http-image-filter
 Group:             System Environment/Daemons
 Summary:           Nginx HTTP image filter module
 BuildRequires:     gd-devel
 Requires:          nginx
 Requires:          gd
 %description mod-http-image-filter
 %{summary}.
 %package mod-http-perl
 Group:             System Environment/Daemons
 Summary:           Nginx HTTP perl module
 BuildRequires:     perl-devel
 %if 0%{?fedora} >= 24
 BuildRequires:     perl-generators
 %endif
 BuildRequires:     perl(ExtUtils::Embed)
 Requires:          nginx
 Requires:          perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 Requires:          perl(constant)
 %description mod-http-perl
 %{summary}.
 %package mod-http-xslt-filter
 Group:             System Environment/Daemons
 Summary:           Nginx XSLT module
 BuildRequires:     libxslt-devel
 Requires:          nginx
 %description mod-http-xslt-filter
 %{summary}.
 %package mod-mail
 Group:             System Environment/Daemons
 Summary:           Nginx mail modules
 Requires:          nginx
 %description mod-mail
 %{summary}.
 %package mod-stream
 Group:             System Environment/Daemons
 Summary:           Nginx stream modules
 Requires:          nginx
 %description mod-stream
 %{summary}.
 %prep
 %setup -q
 %patch0 -p0
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
 %if 0%{?rhel} > 0 && 0%{?rhel} < 8
 sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service
 sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf
 %endif
 %build
 # nginx does not utilize a standard configure script.  It has its own
 # and the standard configure options cause the nginx configure script
 # to error out.  This is is also the reason for the DESTDIR environment
 # variable.
 export DESTDIR=%{buildroot}
 ./configure \
    --prefix=%{_datadir}/nginx \
    --sbin-path=%{_sbindir}/nginx \
    --modules-path=%{_libdir}/nginx/modules \
    --conf-path=%{_sysconfdir}/nginx/nginx.conf \
    --error-log-path=%{_localstatedir}/log/nginx/error.log \
    --http-log-path=%{_localstatedir}/log/nginx/access.log \
    --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \
    --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \
    --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \
    --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \
    --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \
    --pid-path=/run/nginx.pid \
    --lock-path=/run/lock/subsys/nginx \
    --user=%{nginx_user} \
    --group=%{nginx_user} \
 %if 0%{?with_aio}
    --with-file-aio \
 %endif
    --with-ipv6 \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_realip_module \
    --with-stream_ssl_preread_module \
    --with-http_addition_module \
    --with-http_xslt_module=dynamic \
    --with-http_image_filter_module=dynamic \
 %if %{with geoip}
    --with-http_geoip_module=dynamic \
 %endif
    --with-http_sub_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_random_index_module \
    --with-http_secure_link_module \
    --with-http_degradation_module \
    --with-http_slice_module \
    --with-http_stub_status_module \
    --with-http_perl_module=dynamic \
    --with-http_auth_request_module \
    --with-mail=dynamic \
    --with-mail_ssl_module \
    --with-pcre \
    --with-pcre-jit \
    --with-stream=dynamic \
    --with-stream_ssl_module \
 %if 0%{?with_gperftools}
    --with-google_perftools_module \
 %endif
    --with-debug \
    --with-cc-opt="%{optflags} $(pcre-config --cflags)" \
    --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols
 make %{?_smp_mflags}
 %install
 make install DESTDIR=%{buildroot} INSTALLDIRS=vendor
 find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
 find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
 find %{buildroot} -type f -empty -exec rm -f '{}' \;
 find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;
 install -p -D -m 0644 ./nginx.service \
    %{buildroot}%{_unitdir}/nginx.service
 install -p -D -m 0644 %{SOURCE11} \
    %{buildroot}%{_sysconfdir}/logrotate.d/nginx
 install -p -d -m 0755 %{buildroot}%{_sysconfdir}/systemd/system/nginx.service.d
 install -p -d -m 0755 %{buildroot}%{_unitdir}/nginx.service.d
 install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d
 install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d
 install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx
 install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
 install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
 install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
 install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules
 install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
 install -p -m 0644 ./nginx.conf \
    %{buildroot}%{_sysconfdir}/nginx
 install -p -m 0644 %{SOURCE100} \
    %{buildroot}%{_datadir}/nginx/html
 install -p -m 0644 %{SOURCE101} %{SOURCE102} \
    %{buildroot}%{_datadir}/nginx/html
 install -p -m 0644 %{SOURCE103} %{SOURCE104} \
    %{buildroot}%{_datadir}/nginx/html
 %if 0%{?with_mailcap_mimetypes}
 rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types
 %endif
 install -p -D -m 0644 %{_builddir}/nginx-%{version}/objs/nginx.8 \
    %{buildroot}%{_mandir}/man8/nginx.8
 install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
 install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
 for i in ftdetect indent syntax; do
    install -p -D -m644 contrib/vim/${i}/nginx.vim \
        %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
 done
 %if %{with geoip}
 echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \
    > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf
 %endif
 echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \
    > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf
 echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \
    > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf
 echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \
    > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
 echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \
    > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf
 echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
    > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf
 %pre filesystem
 getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
 getent passwd %{nginx_user} > /dev/null || \
    useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
    -s /sbin/nologin -c "Nginx web server" %{nginx_user}
 exit 0
 %post
 %systemd_post nginx.service
 %if %{with geoip}
 %post mod-http-geoip
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %endif
 %post mod-http-image-filter
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %post mod-http-perl
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %post mod-http-xslt-filter
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %post mod-mail
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %post mod-stream
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %preun
 %systemd_preun nginx.service
 %postun
 %systemd_postun nginx.service
 if [ $1 -ge 1 ]; then
    /usr/bin/nginx-upgrade >/dev/null 2>&1 || :
 fi
 %files
 %license LICENSE
 %doc CHANGES README README.dynamic
 %if 0%{?rhel} == 7
 %doc UPGRADE-NOTES-1.6-to-1.10
 %endif
 %{_datadir}/nginx/html/*
 %{_bindir}/nginx-upgrade
 %{_sbindir}/nginx
 %{_datadir}/vim/vimfiles/ftdetect/nginx.vim
 %{_datadir}/vim/vimfiles/syntax/nginx.vim
 %{_datadir}/vim/vimfiles/indent/nginx.vim
 %{_mandir}/man3/nginx.3pm*
 %{_mandir}/man8/nginx.8*
 %{_mandir}/man8/nginx-upgrade.8*
 %{_unitdir}/nginx.service
 %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
 %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
 %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
 %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default
 %config(noreplace) %{_sysconfdir}/nginx/koi-utf
 %config(noreplace) %{_sysconfdir}/nginx/koi-win
 %if ! 0%{?with_mailcap_mimetypes}
 %config(noreplace) %{_sysconfdir}/nginx/mime.types
 %endif
 %config(noreplace) %{_sysconfdir}/nginx/mime.types.default
 %config(noreplace) %{_sysconfdir}/nginx/nginx.conf
 %config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default
 %config(noreplace) %{_sysconfdir}/nginx/scgi_params
 %config(noreplace) %{_sysconfdir}/nginx/scgi_params.default
 %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params
 %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default
 %config(noreplace) %{_sysconfdir}/nginx/win-utf
 %config(noreplace) %{_sysconfdir}/logrotate.d/nginx
 %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx
 %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp
 %attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/nginx
 %dir %{_libdir}/nginx/modules
 %files all-modules
 %files filesystem
 %dir %{_datadir}/nginx
 %dir %{_datadir}/nginx/html
 %dir %{_sysconfdir}/nginx
 %dir %{_sysconfdir}/nginx/conf.d
 %dir %{_sysconfdir}/nginx/default.d
 %dir %{_sysconfdir}/systemd/system/nginx.service.d
 %dir %{_unitdir}/nginx.service.d
 %if %{with geoip}
 %files mod-http-geoip
 %{_datadir}/nginx/modules/mod-http-geoip.conf
 %{_libdir}/nginx/modules/ngx_http_geoip_module.so
 %endif
 %files mod-http-image-filter
 %{_datadir}/nginx/modules/mod-http-image-filter.conf
 %{_libdir}/nginx/modules/ngx_http_image_filter_module.so
 %files mod-http-perl
 %{_datadir}/nginx/modules/mod-http-perl.conf
 %{_libdir}/nginx/modules/ngx_http_perl_module.so
 %dir %{perl_vendorarch}/auto/nginx
 %{perl_vendorarch}/nginx.pm
 %{perl_vendorarch}/auto/nginx/nginx.so
 %files mod-http-xslt-filter
 %{_datadir}/nginx/modules/mod-http-xslt-filter.conf
 %{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so
 %files mod-mail
 %{_datadir}/nginx/modules/mod-mail.conf
 %{_libdir}/nginx/modules/ngx_mail_module.so
 %files mod-stream
 %{_datadir}/nginx/modules/mod-stream.conf
 %{_libdir}/nginx/modules/ngx_stream_module.so
 %changelog
 * Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
 - update to 1.16.1
 - Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount
  of data request leads to denial of service
 - Resolves: #1745690 - CVE-2019-9513 nginx:1.16/nginx: HTTP/2: flood using
  PRIORITY frames resulting in excessive resource consumption
 - Resolves: #1745645 - CVE-2019-9516 nginx:1.16/nginx: HTTP/2: 0-length
  headers leads to denial of service
 * Wed Jun 26 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-2
 - Resolves: #1718929 - ssl_protocols config option has faulty behavior
  in nginx:1.16
 * Mon May 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-1
 - new version 1.16.0
 - enable ngx_stream_ssl_preread module
 - main package does NOT require all-modules package
 * Wed Dec 12 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-8
 - enable TLS 1.3 by default (#1643647)
 - TLSv1.0 and TLSv1.1 can be enabled now (#1644746)
 * Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 1:1.14.1-3
 - fix unexpanded paths in nginx(8) (#1643069)
 * Mon Dec 03 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-2
 - Resolves: #1655530 - Hardening tests fail for nginx
 * Mon Nov 19 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-1
 - new version 1.14.1
 - Resolves: #1647257 - CVE-2018-16845 nginx: Denial of service and
  memory disclosure via mp4 module
 - Resolves: #1647262 - CVE-2018-16844 nginx: Excessive CPU usage
  via flaw in HTTP/2 implementation
 - Resolves: #1647263 - CVE-2018-16843 nginx: Excessive memory consumption
  via flaw in HTTP/2 implementation
 * Wed Aug  8 2018 Joe Orton <jorton@redhat.com> - 1:1.14.0-3
 - fix PKCS#11 support (Anderson Sasaki, #1545526)
 * Mon Aug 06 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.0-2
 - add dependency on perl(constant)
 * Mon Jul 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1
 - Resolves: #1558420 - directory permissions are now correct after processing
  USR1 signal
 - Resolves: #1601414 - nginx: drop GeoIP support
 * Thu Jul 19 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-12
 - add build conditional for geoip support
 * Thu May 03 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1
 - new version 1.14.0
 * Wed Apr 25 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-9
 - changed directory permissions (#1558420)
 * Fri Mar 23 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-8
 - disable gperftools (#1496868)
 * Thu Mar 22 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-7
 - update branding (#1512565)
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Wed Jan 24 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-5
 - Add patch to apply glibc bugfix if really needed only
 - Disable strict symbol checks in the link editor
 * Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-4
 - Rebuilt for switch to libxcrypt
 * Tue Oct 24 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-3
 - rebuild
 * Tue Sep 19 2017 Remi Collet <remi@fedoraproject.org> - 1:1.12.1-2
 - own system drop-in directories #1493036
 * Tue Aug 15 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-1
 - update to 1.12.1 (#1469924)
 - enable http_auth_request_module (Tim Niemueller, #1471106)
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.12.0-2
 - Perl 5.26 rebuild
 * Tue May 30 2017 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.0-1
 - new version 1.12.0
 * Wed Feb  8 2017 Joe Orton <jorton@redhat.com> - 1:1.10.3-1
 - update to upstream release 1.10.3
 * Mon Oct 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.2-1
 - update to upstream release 1.10.2
 * Tue May 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.1-1
 - update to upstream release 1.10.1
 * Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.10.0-4
 - Perl 5.24 rebuild
 * Sun May  8 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1:1.10.0-3
 - Enable AIO on aarch64 (rhbz 1258414)
 * Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-2
 - only Require nginx-all-modules for EPEL and current Fedora releases
 * Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-1
 - update to upstream release 1.10.0
 - split dynamic modules into subpackages
 - spec file cleanup
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.8.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Tue Jan 26 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.1-1
 - update to upstream release 1.8.1
 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
 - CVE-2016-0746: Use-after-free during CNAME response processing in resolver
 - CVE-2016-0742: Invalid pointer dereference in resolver
 * Sun Oct 04 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-14
 - consistently use '%%global with_foo' style of logic
 - remove PID file before starting nginx (#1268621)
 * Fri Sep 25 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:1.8.0-13
 - Use nginx-mimetypes from mailcap (#1248736)
 - Mark LICENSE as %%license
 * Thu Sep 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-12
 - also build with gperftools on aarch64 (#1258412)
 * Wed Aug 12 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1:1.8.0-11
 - nginx.conf: added commented-out SSL configuration directives (#1179232)
 * Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-10
 - switch back to /bin/kill in logrotate script due to SELinux denials
 * Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-9
 - fix path to png in error pages (#1232277)
 - optimize png images with optipng
 * Sun Jun 14 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-8
 - replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543)
 - remove After=syslog.target in nginx.service (#1231543)
 - replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543)
 * Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.8.0-7
 - Perl 5.22 rebuild
 * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-6
 - revert previous change
 * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-5
 - move default server to default.conf (#1220094)
 * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-4
 - add TimeoutStopSec=5 and KillMode=mixed to nginx.service
 - set worker_processes to auto
 - add some common options to the http block in nginx.conf
 - run nginx-upgrade on package update
 - remove some redundant scriptlet commands
 - listen on ipv6 for default server (#1217081)
 * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-3
 - improve nginx-upgrade script
 * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-2
 - add --with-pcre-jit
 * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-1
 - update to upstream release 1.8.0
 * Thu Apr 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.12-1
 - update to upstream release 1.7.12
 * Sun Feb 15 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.10-1
 - update to upstream release 1.7.10
 - remove systemd conditionals
 * Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-4
 - fix package ownership of directories
 * Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-3
 - add vim files (#1142849)
 * Mon Sep 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-2
 - create nginx-filesystem subpackage (patch from Remi Collet)
 - create /etc/nginx/default.d as a drop-in directory for configuration files
  for the default server block
 - clean up nginx.conf
 * Wed Sep 17 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-1
 - update to upstream release 1.6.2
 - CVE-2014-3616 nginx: virtual host confusion (#1142573)
 * Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.6.1-4
 - Perl 5.20 rebuild
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 * Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-2
 - add logic for EPEL 7
 * Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-1
 - update to upstream release 1.6.1
 - (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw
 * Wed Jul 02 2014 Yaakov Selkowitz <yselkowi@redhat.com> - 1:1.6.0-3
 - Fix FTBFS on aarch64 (#1115559)
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 * Sat Apr 26 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.0-1
 - update to upstream release 1.6.0
 * Tue Mar 18 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.7-1
 - update to upstream release 1.4.7
 * Wed Mar 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.6-1
 - update to upstream release 1.4.6
 * Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-2
 - avoid multiple index directives (#1065488)
 * Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-1
 - update to upstream release 1.4.5
 * Wed Nov 20 2013 Peter Borsa <peter.borsa@gmail.com> - 1:1.4.4-1
 - Update to upstream release 1.4.4
 - Security fix BZ 1032267
 * Sun Nov 03 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.3-1
 - update to upstream release 1.4.3
 * Fri Aug 09 2013 Jonathan Steffan <jsteffan@fedoraproject.org> - 1:1.4.2-3
 - Add in conditionals to build for non-systemd targets
 * Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.2-2
 - Perl 5.18 rebuild
 * Fri Jul 19 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.2-1
 - update to upstream release 1.4.2
 * Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.1-3
 - Perl 5.18 rebuild
 * Tue Jun 11 2013 Remi Collet <rcollet@redhat.com> - 1:1.4.1-2
 - rebuild for new GD 2.1.0
 * Tue May 07 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.1-1
 - update to upstream release 1.4.1 (#960605, #960606):
  CVE-2013-2028 stack-based buffer overflow when handling certain chunked
  transfer encoding requests
 * Sun Apr 28 2013 Dan Horák <dan[at]danny.cz> - 1:1.4.0-2
 - gperftools exist only on selected arches
 * Fri Apr 26 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.0-1
 - update to upstream release 1.4.0
 - enable SPDY module (new in this version)
 - enable http gunzip module (new in this version)
 - enable google perftools module and add gperftools-devel to BR
 - enable debugging (#956845)
 - trim changelog
 * Tue Apr 02 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-1
 - update to upstream release 1.2.8
 * Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-2
 - make sure nginx directories are not world readable (#913724, #913735)
 * Sat Feb 16 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-1
 - update to upstream release 1.2.7
 - add .asc file
 * Tue Feb 05 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-6
 - use 'kill' instead of 'systemctl' when rotating log files to workaround
  SELinux issue (#889151)
 * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-5
 - uncomment "include /etc/nginx/conf.d/*.conf by default but leave the
  conf.d directory empty (#903065)
 * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-4
 - add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf"
  (#903065)
 * Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-3
 - use correct file ownership when rotating log files
 * Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-2
 - send correct kill signal and use correct file permissions when rotating
  log files (#888225)
 - send correct kill signal in nginx-upgrade
 * Tue Dec 11 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-1
 - update to upstream release 1.2.6
 * Sat Nov 17 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.5-1
 - update to upstream release 1.2.5
 * Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.4-1
 - update to upstream release 1.2.4
 - introduce new systemd-rpm macros (#850228)
 - link to official documentation not the community wiki (#870733)
 - do not run systemctl try-restart after package upgrade to allow the
  administrator to run nginx-upgrade and avoid downtime
 - add nginx man page (#870738)
 - add nginx-upgrade man page and remove README.fedora
 - remove chkconfig from Requires(post/preun)
 - remove initscripts from Requires(preun/postun)
 - remove separate configuration files in "/etc/nginx/conf.d" directory
  and revert to upstream default of a centralized nginx.conf file
  (#803635) (#842738)
 * Fri Sep 21 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.3-1
 - update to upstream release 1.2.3
 * Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.2.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 * Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.1-2
 - Perl 5.16 rebuild
 * Sun Jun 10 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.1-1
 - update to upstream release 1.2.1
 * Fri Jun 08 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.0-2
 - Perl 5.16 rebuild
 * Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.0-1
 - update to upstream release 1.2.0
 * Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-4
 - add nginx-upgrade to replace functionality from the nginx initscript
  that was lost after migration to systemd
 - add README.fedora to describe usage of nginx-upgrade
 - nginx.logrotate: use built-in systemd kill command in postrotate script
 - nginx.service: start after syslog.target and network.target
 - nginx.service: remove unnecessary references to config file location
 - nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following
  advice from nginx-devel
 - nginx.service: use private /tmp
 * Mon May 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-3
 - fix incorrect postrotate script in nginx.logrotate
 * Thu Apr 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-2
 - renable auto-cc-gcc patch due to warnings on rawhide
 * Sat Apr 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-1
 - update to upstream release 1.0.15
 - no need to apply auto-cc-gcc patch
 - add %%global _hardened_build 1
 * Thu Mar 15 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.14-1
 - update to upstream release 1.0.14
 - amend some %%changelog formatting
 * Tue Mar 06 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.13-1
 - update to upstream release 1.0.13
 - amend --pid-path and --log-path
 * Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-5
 - change pid path in nginx.conf to match systemd service file
 * Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-3
 - fix %%pre scriptlet
 * Mon Feb 20 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-2
 - update upstream URL
 - replace %%define with %%global
 - remove obsolete BuildRoot tag, %%clean section and %%defattr
 - remove various unnecessary commands
 - add systemd service file and update scriptlets
 - add Epoch to accommodate %%triggerun as part of systemd migration
 * Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.12-1
 - Update to 1.0.12
 * Thu Nov 17 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.10-1
 - Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes.
 - Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4.
 - Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora.
 * Thu Oct 27 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.8-1
 - Update to new 1.0.8 stable release
 * Fri Aug 26 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.5-1
 - Update nginx to Latest Stable Release
 * Fri Jun 17 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-3
 - Perl mass rebuild
 * Thu Jun 09 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-2
 - Perl 5.14 mass rebuild
 * Wed Apr 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.0-1
 - Update to 1.0.0
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.53-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53.5
 - Extract out default config into its own file (bug #635776)
 * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-4
 - Revert ownership of log dir
 * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-3
 - Change ownership of /var/log/nginx to be 0700 nginx:nginx
 - update init script to use killproc -p
 - add reopen_logs command to init script
 - update init script to use nginx -q option
 * Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-2
 - Fix linking of perl module
 * Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-1
 - Update to new stable 0.8.53
 * Sat Jul 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-2
 - add Provides: webserver (bug #619693)
 * Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-1
 - Update to new stable 0.7.67
 - fix bugzilla #591543
 * Tue Jun 01 2010 Marcela Maslanova <mmaslano@redhat.com> - 0.7.65-2
 - Mass rebuild with perl-5.12.0
 * Mon Feb 15 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.65-1
 - Update to new stable 0.7.65
 - change ownership of logdir to root:root
 - add support for ipv6 (bug #561248)
 - add random_index_module
 - add secure_link_module
 * Fri Dec 04 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1
 - Update to new stable 0.7.64
--- a/SOURCES/UPGRADE-NOTES-1.6-to-1.10
+++ b/SOURCES/UPGRADE-NOTES-1.6-to-1.10
--- a/arut.key
+++ b/arut.key
@ -0,0 +1,114 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBGYXyiQBEAC4jm1y+ODV4+YDGj9vp2BgHB4FJeQdgrBiVX+Mb2qCrEqJgeKV
 fVwKjkVYqnb76TTybdOKqCP5wdQrncKAKlXsMq6sdsiwPSrdRcjkeiE29WWrtbB4
 i+VObnoWklMblMxFQ1XQIkjs2wviidKjJw2VV3i4XnLSrHhWaWqviTLZCMQymoPs
 F+Tfu1WX9OUfOquekZ5KjkyBxB4ep6+NPeuIkPnW0SiTUhU8tbi8v0aBZEHSZLqE
 mq8KLROVuYSPvtU+NtaXAM09BHEVCfb409aDps9p6AFT+IN8yoOegGdEZjp6hJvS
 HxbhuwqNEtg4dTEV515YUCgKabqU1QaqI/Y0+Pdkpep1KRFc9YUYttDkCw7Ybu2u
 fwTGzwAbD+ThAIOdzmMDodzZaEMf+9fQG4bnO1PdNbXzyP7Kv9qzGa65+9oGCPOS
 qTpISR8pvzoI8w/Z/vG71ob/nQ6Xm0L986ksErdGhu16ZI7lW2eDYqy2IoFfbeSz
 HHxk484/pEibrlCRbP2Id+zULfxo1HGOGg+PAY9Q2uNzABsGDMnOhIvXHS+hP7oB
 sO9A4Prqu6K6cMp3QI219tmmOUegJpmGGPzoNgxR7H30wNcjZPv4PWr/c0fP70Ny
 ilgbdcEMDSHks30AmiuIvcUxo3A21p2nnpxsKAKYx42UJkyEK0HILMzcqwARAQAB
 tCZSb21hbiBBcnV0eXVueWFuIDxyLmFydXR5dW55YW5AZjUuY29tPokCTgQTAQgA
 OBYhBEM4eCXdsbuX7Da6XQB8jXwV2HNpBQJmF8pXAhsDBQsJCAcCBhUKCQgLAgQW
 AgMBAh4BAheAAAoJEAB8jXwV2HNppvQP/AjzdPKkGRzJkb1ioto/IEP1YhA/Eayk
 hvejJ0vyWVHXXH7FLW9fIZoApcsD1J8/7zIANm+62IfT3QNbL2R44IyhJB3AY22l
 t0ToLxodfugegF3NPYYyFOSRUoPD4g2T/dMCPOBX4MNEAnAlCmxAMaJNmQUO76IY
 GwELa3CH3Aqf7bthKy8P36G11hu7NgH6V9mVIRIpfnfpXFQIztj+vsWtswu4M5t7
 BNJwx4a2KTCVQpTdff5/0dO/5drQDxLbIg681WZk3Oe8Eu6nSc0Ud02NIkg1TQH/
 MryAp7o/ua3LRem+W/cktnT60p4uXPVZ3Rvg3zOmJSNJ+eIXY2+sDeZEPaROKldA
 IbnBacTsZjdswIlrbzinY8ZVRosaFlvHg/ESTBRItALHWCRdzOR1Wv1qy/PQfEEL
 qftDsCTQhssP1MHJWlejeqPlND3iT2vBDeOxqd6WhKuAc+L04iyBB6p867pwrgDF
 ecg82DPehsAnO2XBAFuIE/SLewkYm0B9HK7/J4LZqPwTAksPf/dnbMAmHWoBDqsu
 4U4U4SsJKsZ87R9ao8qO7IWCzHrXavHFmnbqweFfHToeKF/L4PB+tYoW3YmUOged
 CglpJv13bNWmRwL7+x8b7BwpVwClxHBHteDX4RIN5iPH9h20J4jIpzRa1kNJsTu1
 v4ZkqLWJlkiiiQEzBBABCAAdFiEEcziXMGntP0Q/TTffpk/VsXrbOagFAmYdpjsA
 CgkQpk/VsXrbOahISgf/U7ZO0yK0PsOcAFTB0TQBCNsAhxtJAEJoVoweuYiLk8jR
 0OeDRCy0BC//qWDLFT7NKuP50SM2u0Csbg+n6b0bdy+vXbbGVzIAYzG09rPYe2Q5
 qwqyAx+MMzyICXul9lGNU2qN2qjUXMb0mCWUhxwMvzRUeS7shT1CBhGrnpoYkY56
 NhWj7iG1BbLwYVQzDZC/Rp6rvwJQgZo7+DjaMjryGAEI0ujpUp8ywrPaJpwIuXDI
 D5BhcyUaEd3XOondHQNedlgERXHT4pN+oNMPWwN3+DeQYLS3FHiqyz05ZvoeWnao
 A2/fWNA+BqIdjilp/TDDI4Ef7c9hp13weaZggYB3M4kBMwQQAQgAHRYhBFc7/Ws9
 j7xkEHmmq6v1vYJ72b9iBQJmHabkAAoJEKv1vYJ72b9iDgoIAP1QJjl4ynLAV9Bo
 Ol4AAzxZ3x/2NEgLSnjLfhb/OduDxQlL9oPulWoLDG41xiZJkepEnQWmSsIYF6Xe
 RsAB+eREU2uCxqCvBXpyIs5npXvVDV2/PQuVEop7HByx6Hjr9XK8hugihnEi1p+9
 Ecbu+89fi93m3C/5uIIil46cHByjRZ+5Yy1UFUB/wsYud1qMcYmvDaqEo5AqWNcM
 gWUFhUfgGTtBbyvIWTeX0NHnrbzHP7lhmPfWsfOjAtO8PpM8Gz5RdNRq44DdRKdG
 uWVby/kni868H+8/tHalDR0I9/Mmg2Uax0eggTVpECv/4+xBduqSB2iPwgRnSzhZ
 6SVKJvKJAjMEEAEIAB0WIQT5TVS8DF1qZBfIzz/oLBEYr5TfbgUCZh5KVgAKCRDo
 LBEYr5TfbitgD/wMamMFfFZnPS7JS1NWEMb5fbhHob1EkmedIpbpRDXUtj0ksehW
 ZAEpmVF9btqS4B+B9tSK1VS2sy4XwEGodNVSGxdtF9W8+iAHAb6Hq1Z7ifWyb991
 Kt/pVk/8adxlU4G8h1fq0idhpnI8KvkAlPJR7+PoJOEN1+VdHS6tkE5LMTf6dF9F
 iVxKQczOS1b/GmfL3kYfu6UvI07ZuaP+90mOt/TZTwkzsWjRY2vofCIPSDY94rLj
 m6PmVFoU3PHLKW7yDz1YXkVE6SgQYGZ2bqB6OHJZnDXUTSHncHTbDVzZQekIs1lP
 V6e5N8Xo/VOpv28feKAsBqQ8ML53djmGUL0azjEz1g2kgPmTuZdKzZ5kcUsULdQV
 aRKcfyYD1oRpwwlw9GJAxliJHck1IdGGaCslrHtzkh3RMULlloAYitzD9jtKsrOj
 R19s+JK/tIfFZZ5gR5qhzgOL8WgkSrIaq2o9R4sigBz1IxnXXC573RDA2F5FAeE/
 K6EmAO+BqVkImZcmP1JsLtr+OM+jihXIILACEJwhOKPtZth9zrLYkXWB1nCaDxHp
 XEUpp6UPCQNgNX8NCghnJr5gis/SmYppgFlO9R9yZ7/LtP0tUX0CmhOeqGMnHt4R
 F8n8D7EBwMWvWjlUbsDkMKX4JORgojguHJZciWQC1gVRwJ0iTH/ImtzDnbQhUm9t
 YW4gQXJ1dHl1bnlhbiA8YXJ1dEBuZ2lueC5jb20+iQJOBBMBCAA4FiEEQzh4Jd2x
 u5fsNrpdAHyNfBXYc2kFAmYXyiQCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA
 CgkQAHyNfBXYc2kRFw//VFuCnW3EwoLCWWgWCikgI9kbVDr0/Qiyf2Gb9sfOyzBN
 q/+ZGjTs7EqTHbYUiCTgjy8t0SNKizoCXjSWLToTAXhOeTY3wDuHkdc3C2OPMPgm
 HPGmdnfplmsZjj689sy0MTnlLmU/87texR/f3REAKtchVjo5AojuZxXJi+ryBvoz
 KXi82M1JaYlIr15T+OiRtfZ3cgfTkb5CRa0YRV7QQ1zhOiF0AFKVVikFwRuquphT
 y2cSLILLzOpwG/CjMJzO4VOASmGJmdicIfYSsZSzz37RrcfeYwR6quJ55Y9QF9IU
 fg5AHWufpXaf6FbMsW1U1mOq0tMvwvdcO+u5I5SBj6IkqO4zavmW/i5zkxaq96wF
 Qn6+oRkqHnNNn0hl/B4MWdEjDJsaDXfkQ3Snn4Bfl1JPT6cH2NDVYQn1siIOim/W
 G5lhGLNB1TOAVLHblQ2xILadK0T33y6lfRUV3BOW01BDoF0ndyd7LjG5Di/cjfSo
 1hvhTkW7QJGfzVV4IAAxEyHKlmgONfggZoplqukuPsq7eNNRPhvlZq632QXIqt6Y
 xE43Nk0O41rX/tWtB7eNcPvfNOc+sGljnCSwpRWyx9xO7plELVD9KdtcyHrIgora
 Flh7KsSbppSQ/iUKRNP+lfCQsMa1yrnQyxazss8OGlB7YpUJL4trQW35f/jXFD+J
 ATMEEAEIAB0WIQRzOJcwae0/RD9NN9+mT9Wxets5qAUCZh2mQQAKCRCmT9Wxets5
 qPBjB/0SDkET7h/Vw2PJKxuYujsL+tn3SKXshgyCM2u00njJM9TqpZbZV681unKM
 l8uHtj9b0Z4U0nHoNEC37wI5FJlxy1hLBw5f2fd/yi8LsD1KP2htjMUW+I2xjcdo
 FusQsIF0s8SyW1DZ3vvN2WcZpKHwub1sY9ZFBfxRc6w+33N4dJwXVXP57kj3Ci8j
 LDLfkaKyiuYgMtFYZiKKX0tfvaM5pXxLvLOzma9vwfjIMIllooZHDSI65jrbmMv0
 rfDKOX9Ws5Xi8n85jq6Oyq28QPLZUsmymCbhvBwq4FcdiyTl9sxCY4HLq0MzmJJ5
 DMhlFd2Ds3BopFTWCB2fvYyVoXRaiQEzBBABCAAdFiEEVzv9az2PvGQQeaarq/W9
 gnvZv2IFAmYdpugACgkQq/W9gnvZv2Jk4Qf+N0P/7FIHowlO01XmBB5KaztBmVb2
 Tj+jtYgPDHRf86O0kW40Rjx++zMlIRNWK4Ue5PKAi82Yue5uvZcVlpWpx/sMvL+N
 C4Xds3Q3qnkxkoemoIMqUKGvePjBpyUWArBkBQ3FrvZtywnzyFWNrvOpeM+5HIuz
 WBri/SHBHzQm1/Jl2r5pHcbUdSxB2o1v3f+SaS2vGxwigIf8v44pRfyeWgkoxYgN
 +2zR0Ing6URZCYkAbwILsmmWGxJIuq+N9Xs1CQ1WZd5S78p/JBMDQ1prUDLCLFMc
 AvlZpQ0HvzEbKGiIVNa1LEQRF4ZWjQOHaPJhg/D3r/Q7VaFlgsOqrwtQaYkCMwQQ
 AQgAHRYhBPlNVLwMXWpkF8jPP+gsERivlN9uBQJmHkpZAAoJEOgsERivlN9u8fYQ
 AK0s0CvQNTXrg/Oe92Ajj+CpFIGhEUgXsufpg3OF+4doXOoRrVcv6y/0dGC+u899
 Qiz5rzP8JkgT3Bvs/oFbQnESX7zob/GuBiRAnaanQQGjQsc8tXUcIgIB8vZI6Hxr
 BZYyjXMrc1fAp1zy6F3YfVtjntp6Zt740zlcFSHPL6pKeNC8lCas7f7EPGm9ERlf
 XvPOsMyKVDRTrtYVrQ17pgmWzMFl9eYzAV81X/cK7O9BmTvLb9HB9THl9QM6iKWd
 UPNNhMseMA55i1y1trvv2rQSP2tm7xAijlffNu/LHyVjOJA+63rk9JqpQi2O/sI6
 naCZ5kLky3+OisbzJLtsIv3KWGF4jnpZJwPI97UbRAxrBCPd8BDXW06qQ0xfF9GA
 sW46IDnf5uNV5Fj9T1IhZUUCU6XwwhcTENwcaJ2hubPzW19gvxieRpxdvnXhjUxR
 UgqgFjtlpyBSABYr2REiaBTHkR1qVMa8tThpSyzfmfBNe9chBGQBdDMzTTUDf4dU
 cw4UGGPXqrBEapleoZBszXLrZxQxCNmLGFBW3vcJDfRRTvg/OMCIwD72kfd8KY1t
 SRRi5vQ3CvV8E0EEXshjxVk0fwS+5muM1thWZM4xCSgyH6Ka/5biMeUv1VNcKJne
 J51xs9jfS/JltrT/ahWG4J9msJFtmYyrLh/nMxccXK75uQINBGYXyiQBEAC5tT5O
 uysy75BcwAg8jIK+Cw6hNy+riOoCIzsMen8ps4tyDFLmRdpJmVOpmtvESaix2MHf
 Hc/t9hOsQ8LmF3kDG/JisDXcB/v28EOiDpp5Ug/5UOFBnbu4DkxbakJF8KF/rQ9t
 i29lt03saGCf2XbqzTLI6FvZ2TT8hDwAZF5aOtDEHV3ChBPn6gplnJADiZ9DioMZ
 ji1HnL8Zu4IYHMNOgpxULi6TMhBH/MkHbyycOdt/EsQFamnLGeV8KR2fubYjrpbH
 pLZzSRepQyvKIhHAFj6DUeDyEt2XAitxI8YI40IVO75Zu8ZZq0qYGML8Am+t6ZjJ
 3ZR8/DWjxRUYeo+YVEe5f+oRl5GRNkLtGvTAD38Nb2/7SUYdSXA3y3Ocfo/bySwa
 qggeFpDqK5eHXmrO4hvRqYoEyNyW4VQlGyvYq4s2cLeCF/S2w6dV8OFsksIoq8uq
 R1/IQ8Bonsf7iAYpsMAZZOGKiJzr01W3GA4Ka3B/MmZP5CysUhFlFxMsDr3/TWfg
 p3CHd5yGAnuWWWkjqVQzx0tcub3gyDsHCPuws8P2OKJ2lzNPqpp08MjYMMRZb4Y6
 9REXkKw7kXU8zM5+1IpW2U+z83NU86QR08PTpjATz05ltdGqF82Z+Ygl2nav8oqV
 RqNd/k+WE60e1eJmgykjmz6nPbm0S2jt1C7QLQARAQABiQI2BBgBCAAgFiEEQzh4
 Jd2xu5fsNrpdAHyNfBXYc2kFAmYXyiQCGwwACgkQAHyNfBXYc2mTihAAqB+sv9lw
 kRorE6iXwvvj2Dt2iIy7jc1AhZQOH/j7B4GHpV3Ej/ptdUwuzj/aX5EnEeDPZ2JU
 sSKy2q0RpKGKdKOvgy5yVfd8xqujkawXv26QU53mgyfgQCZLhFFhq0MIAqnxPb8h
 SCQeol18Wqs++LjeDMwkgMrHJeNhW2U2llqTS37YfRMOo0Vr022ZHlMlkyMz1sQH
 +C2/nzmmtkI4+vlPeccoN+3239YzndW1+XM8S3dXNcsGTyLAbkCowfpuqQdIP0MY
 lBwx/Xj9fxBNAuqGVCjrjGMg7mozMkeCDzrAoZiaD3Kud8zSs9VpAyAymrPQJSSS
 96b+vr2mDKbV11QJeJZv/d02n4JMjK7Ai//3j/TqkJF4UoYH45g5hvGSrym1UKrf
 n8TqHdtTFjcxAMXLbWICHdDk7/0ole8Bl8csiSHyKy/sGJ0b/7zcB88CS8OfsR3C
 OanK13emeD6rHOp8wEWA1/PA1JoAC5suS/uIgPWa5ujLaViJ9pW6ohfzMqOtLABF
 BB/FgD/qgPF+uTPPLQZw3XO8Q61kFq6x0RJGNgBEOpseounx+T6FCxZqrvjWm/WK
 VQUiRBtJIvD7Z8UCP+NUzdj3hwLAXpXrPz0gkcbI+hdlTJHCC6i61Qf5OIWnhtw6
 kZv2zEcTtzlAYNEumy8KrJzICmPLS7BEC8w=
 =ilJ3
 -----END PGP PUBLIC KEY BLOCK-----
--- a/565
+++ b/565
@ -0,0 +1,565 @@
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.22.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Wed Oct 19 2022 Felix Kaechele <felix@kaechele.ca> - 1:1.22.1-1
 - update 1.22.1
 - build against OpenSSL 3 on EL8
 - enable kTLS support
 * Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.22.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Mon Jun 27 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.22.0-3
 - Fix nginx downgrade issue after introducing core sub-package
 * Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.22.0-2
 - Perl 5.36 rebuild
 * Wed May 25 2022 Felix Kaechele <heffer@fedoraproject.org> - 1:1.22.0-1
 - update to 1.22.0
 - switch to pcre2
 - drop CVE-2021-3618 patch, it's upstreamed
 - add signing key of Konstantin Pavlov
 - add stream_geoip_module and stream_realip_module
 * Thu Mar 24 2022 Honza Horak <hhorak@redhat.com> - 1:1.20.2-4
 - Introduce core sub-package for having a daemon only with a minimal footprint
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.20.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Fri Dec 17 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.2-1
 - update to 1.20.2
 * Mon Oct 18 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-9
 - fix installation of nginxmods.attr for EPEL 7
 * Mon Oct 18 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-8
 - Fix "file size changed while zipping" when rotating logs (rhbz#1980948,2015249,2015243)
 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1:1.20.1-7
 - Rebuilt with OpenSSL 3.0.0
 * Tue Aug 10 2021 Neal Gompa <ngompa@datto.com> - 1:1.20.1-6
 - Add -mod-devel subpackage for building external nginx modules (rhbz#1989778)
 * Mon Aug 09 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-5
 - Add symlink used by system-logos-httpd
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.20.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Fri Jun 25 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-3
 - fix for CVE-2021-3618 (rhbz#1975651)
 * Tue Jun 01 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-2
 - use different fix for rhbz#1683388 as it introduced permissions issues in 1:1.20.0-2
 * Tue May 25 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-1
 - update to 1.20.1 (fixes CVE-2021-23017)
 * Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.20.0-4
 - Perl 5.34 rebuild
 * Fri Apr 30 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.20.0-3
 - Related: #1636235 - centralizing default index.html on nginx
 * Wed Apr 21 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.0-2
 - sync rawhide and EPEL7 spec files again
 - systemd service reload now checks config file (rhbz#1565377)
 - drop nginx requirement on nginx-all-modules (rhbz#1708799)
 - let nginx handle log creation on logrotate (rhbz#1683388)
 - have log directory owned by root (rhbz#1390183, CVE-2016-1247)
 - remove obsolete --with-ipv6 (src PR#8)
 - correction: pcre2 is actually not supported by nginx, reintroduce pcre
 * Wed Apr 21 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.0-1
 - update to 1.20.0
 - sync with mainline spec file
 - order configure options alphabetically for easier comparinggit
 - add --with-compat option (rhbz#1834452)
 - add patch to fix PIDFile race condition (rhbz#1869026)
 - use pcre2 instead of pcre (rhbz#1938984)
 - add Wants=network-online.target to systemd unit (rhbz#1943779)
 * Mon Feb 22 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-5
 - Resolves: #1931402 - drop gperftools module
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.18.0-2
 - Perl 5.32 rebuild
 * Fri Apr 24 2020 Felix Kaechele <heffer@fedoraproject.org> - 1:1.18.0-1
 - Update to 1.18.0
 - Increased types_hash_max_size to 4096 in default config
 - Add gpg source verification
 - Add Recommends: logrotate
 - Drop location / from default config (rhbz#1564768)
 - Drop default_sever from default config (rhbz#1373822)
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.16.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Sun Sep 15 2019 Warren Togami <warren@blockstream.com>
 - add conditionals for EPEL7, see rhbz#1750857
 * Tue Aug 13 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.1-1
 - Update to upstream release 1.16.1
 - Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.16.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.16.0-4
 - Perl 5.30 rebuild
 * Tue May 14 2019 Stephen Gallagher <sgallagh@redhat.com> - 1.16.0-3
 - Move to common default index.html
 - Resolves: rhbz#1636235
 * Tue May 07 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.0-2
 - Add missing directory for vim plugin
 * Fri Apr 26 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.0-1
 - Update to upstream release 1.16.0
 * Mon Mar 04 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.15.9-1
 - Update to upstream release 1.15.9
 - Enable ngx_stream_ssl_preread module
 - Remove redundant conditionals
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.14.1-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:1.14.1-4
 - Rebuilt for libcrypt.so.2 (#1666033)
 * Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 1:1.14.1-3
 - fix unexpanded paths in nginx(8)
 * Tue Nov 20 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.1-2
 - new version 1.14.1
 - Resolves: #1584426 - Upstream Nginx 1.14.0 is now available
 - Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory
  disclosure via mp4 module
 - Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption
  via flaw in HTTP/2 implementation
 - Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw
  in HTTP/2 implementation
 * Mon Aug 06 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-14
 - add requires on perl(constant) for mod-http-perl
 * Mon Jul 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-13
 - don't build with geoip by default
 * Thu Jul 19 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-12
 - add build conditional for geoip support
 * Mon Jul 16 2018 Tadej Janež <tadej.j@nez.si> - 1:1.12.1-11
 - Add gcc to BuildRequires to account for
  https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.12.1-9
 - Perl 5.28 rebuild
 * Mon May 14 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-8
 - Related: #1573942 - nginx fails on start
 * Wed May 02 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-7
 - Resolves: #1573942 - nginx fails on start
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Wed Jan 24 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-5
 - Add patch to apply glibc bugfix if really needed only
 - Disable strict symbol checks in the link editor
 * Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1:1.12.1-4
 - Rebuilt for switch to libxcrypt
 * Tue Oct 24 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-3
 - rebuild
 * Tue Sep 19 2017 Remi Collet <remi@fedoraproject.org> - 1:1.12.1-2
 - own system drop-in directories #1493036
 * Tue Aug 15 2017 Joe Orton <jorton@redhat.com> - 1:1.12.1-1
 - update to 1.12.1 (#1469924)
 - enable http_auth_request_module (Tim Niemueller, #1471106)
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.12.0-2
 - Perl 5.26 rebuild
 * Tue May 30 2017 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.0-1
 - new version 1.12.0
 * Wed Feb  8 2017 Joe Orton <jorton@redhat.com> - 1:1.10.3-1
 - update to upstream release 1.10.3
 * Mon Oct 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.2-1
 - update to upstream release 1.10.2
 * Tue May 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.1-1
 - update to upstream release 1.10.1
 * Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.10.0-4
 - Perl 5.24 rebuild
 * Sun May  8 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1:1.10.0-3
 - Enable AIO on aarch64 (rhbz 1258414)
 * Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-2
 - only Require nginx-all-modules for EPEL and current Fedora releases
 * Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-1
 - update to upstream release 1.10.0
 - split dynamic modules into subpackages
 - spec file cleanup
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.8.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Tue Jan 26 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.1-1
 - update to upstream release 1.8.1
 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
 - CVE-2016-0746: Use-after-free during CNAME response processing in resolver
 - CVE-2016-0742: Invalid pointer dereference in resolver
 * Sun Oct 04 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-14
 - consistently use '%%global with_foo' style of logic
 - remove PID file before starting nginx (#1268621)
 * Fri Sep 25 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:1.8.0-13
 - Use nginx-mimetypes from mailcap (#1248736)
 - Mark LICENSE as %%license
 * Thu Sep 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-12
 - also build with gperftools on aarch64 (#1258412)
 * Wed Aug 12 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1:1.8.0-11
 - nginx.conf: added commented-out SSL configuration directives (#1179232)
 * Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-10
 - switch back to /bin/kill in logrotate script due to SELinux denials
 * Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-9
 - fix path to png in error pages (#1232277)
 - optimize png images with optipng
 * Sun Jun 14 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-8
 - replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543)
 - remove After=syslog.target in nginx.service (#1231543)
 - replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543)
 * Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.8.0-7
 - Perl 5.22 rebuild
 * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-6
 - revert previous change
 * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-5
 - move default server to default.conf (#1220094)
 * Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-4
 - add TimeoutStopSec=5 and KillMode=mixed to nginx.service
 - set worker_processes to auto
 - add some common options to the http block in nginx.conf
 - run nginx-upgrade on package update
 - remove some redundant scriptlet commands
 - listen on ipv6 for default server (#1217081)
 * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-3
 - improve nginx-upgrade script
 * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-2
 - add --with-pcre-jit
 * Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-1
 - update to upstream release 1.8.0
 * Thu Apr 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.12-1
 - update to upstream release 1.7.12
 * Sun Feb 15 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.10-1
 - update to upstream release 1.7.10
 - remove systemd conditionals
 * Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-4
 - fix package ownership of directories
 * Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-3
 - add vim files (#1142849)
 * Mon Sep 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-2
 - create nginx-filesystem subpackage (patch from Remi Collet)
 - create /etc/nginx/default.d as a drop-in directory for configuration files
  for the default server block
 - clean up nginx.conf
 * Wed Sep 17 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-1
 - update to upstream release 1.6.2
 - CVE-2014-3616 nginx: virtual host confusion (#1142573)
 * Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.6.1-4
 - Perl 5.20 rebuild
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 * Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-2
 - add logic for EPEL 7
 * Tue Aug 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.1-1
 - update to upstream release 1.6.1
 - (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw
 * Wed Jul 02 2014 Yaakov Selkowitz <yselkowi@redhat.com> - 1:1.6.0-3
 - Fix FTBFS on aarch64 (#1115559)
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.6.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 * Sat Apr 26 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.0-1
 - update to upstream release 1.6.0
 * Tue Mar 18 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.7-1
 - update to upstream release 1.4.7
 * Wed Mar 05 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.6-1
 - update to upstream release 1.4.6
 * Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-2
 - avoid multiple index directives (#1065488)
 * Sun Feb 16 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.5-1
 - update to upstream release 1.4.5
 * Wed Nov 20 2013 Peter Borsa <peter.borsa@gmail.com> - 1:1.4.4-1
 - Update to upstream release 1.4.4
 - Security fix BZ 1032267
 * Sun Nov 03 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.3-1
 - update to upstream release 1.4.3
 * Fri Aug 09 2013 Jonathan Steffan <jsteffan@fedoraproject.org> - 1:1.4.2-3
 - Add in conditionals to build for non-systemd targets
 * Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.2-2
 - Perl 5.18 rebuild
 * Fri Jul 19 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.2-1
 - update to upstream release 1.4.2
 * Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1:1.4.1-3
 - Perl 5.18 rebuild
 * Tue Jun 11 2013 Remi Collet <rcollet@redhat.com> - 1:1.4.1-2
 - rebuild for new GD 2.1.0
 * Tue May 07 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.1-1
 - update to upstream release 1.4.1 (#960605, #960606):
  CVE-2013-2028 stack-based buffer overflow when handling certain chunked
  transfer encoding requests
 * Sun Apr 28 2013 Dan Horák <dan[at]danny.cz> - 1:1.4.0-2
 - gperftools exist only on selected arches
 * Fri Apr 26 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.4.0-1
 - update to upstream release 1.4.0
 - enable SPDY module (new in this version)
 - enable http gunzip module (new in this version)
 - enable google perftools module and add gperftools-devel to BR
 - enable debugging (#956845)
 - trim changelog
 * Tue Apr 02 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-1
 - update to upstream release 1.2.8
 * Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-2
 - make sure nginx directories are not world readable (#913724, #913735)
 * Sat Feb 16 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-1
 - update to upstream release 1.2.7
 - add .asc file
 * Tue Feb 05 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-6
 - use 'kill' instead of 'systemctl' when rotating log files to workaround
  SELinux issue (#889151)
 * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-5
 - uncomment "include /etc/nginx/conf.d/*.conf by default but leave the
  conf.d directory empty (#903065)
 * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-4
 - add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf"
  (#903065)
 * Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-3
 - use correct file ownership when rotating log files
 * Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-2
 - send correct kill signal and use correct file permissions when rotating
  log files (#888225)
 - send correct kill signal in nginx-upgrade
 * Tue Dec 11 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-1
 - update to upstream release 1.2.6
 * Sat Nov 17 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.5-1
 - update to upstream release 1.2.5
 * Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.4-1
 - update to upstream release 1.2.4
 - introduce new systemd-rpm macros (#850228)
 - link to official documentation not the community wiki (#870733)
 - do not run systemctl try-restart after package upgrade to allow the
  administrator to run nginx-upgrade and avoid downtime
 - add nginx man page (#870738)
 - add nginx-upgrade man page and remove README.fedora
 - remove chkconfig from Requires(post/preun)
 - remove initscripts from Requires(preun/postun)
 - remove separate configuration files in "/etc/nginx/conf.d" directory
  and revert to upstream default of a centralized nginx.conf file
  (#803635) (#842738)
 * Fri Sep 21 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.3-1
 - update to upstream release 1.2.3
 * Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.2.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 * Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.1-2
 - Perl 5.16 rebuild
 * Sun Jun 10 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.1-1
 - update to upstream release 1.2.1
 * Fri Jun 08 2012 Petr Pisar <ppisar@redhat.com> - 1:1.2.0-2
 - Perl 5.16 rebuild
 * Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.0-1
 - update to upstream release 1.2.0
 * Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-4
 - add nginx-upgrade to replace functionality from the nginx initscript
  that was lost after migration to systemd
 - add README.fedora to describe usage of nginx-upgrade
 - nginx.logrotate: use built-in systemd kill command in postrotate script
 - nginx.service: start after syslog.target and network.target
 - nginx.service: remove unnecessary references to config file location
 - nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following
  advice from nginx-devel
 - nginx.service: use private /tmp
 * Mon May 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-3
 - fix incorrect postrotate script in nginx.logrotate
 * Thu Apr 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-2
 - renable auto-cc-gcc patch due to warnings on rawhide
 * Sat Apr 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-1
 - update to upstream release 1.0.15
 - no need to apply auto-cc-gcc patch
 - add %%global _hardened_build 1
 * Thu Mar 15 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.14-1
 - update to upstream release 1.0.14
 - amend some %%changelog formatting
 * Tue Mar 06 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.13-1
 - update to upstream release 1.0.13
 - amend --pid-path and --log-path
 * Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-5
 - change pid path in nginx.conf to match systemd service file
 * Sun Mar 04 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-3
 - fix %%pre scriptlet
 * Mon Feb 20 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.12-2
 - update upstream URL
 - replace %%define with %%global
 - remove obsolete BuildRoot tag, %%clean section and %%defattr
 - remove various unnecessary commands
 - add systemd service file and update scriptlets
 - add Epoch to accommodate %%triggerun as part of systemd migration
 * Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.12-1
 - Update to 1.0.12
 * Thu Nov 17 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.10-1
 - Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes.
 - Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4.
 - Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora.
 * Thu Oct 27 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.8-1
 - Update to new 1.0.8 stable release
 * Fri Aug 26 2011 Keiran "Affix" Smith <fedora@affix.me> - 1.0.5-1
 - Update nginx to Latest Stable Release
 * Fri Jun 17 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-3
 - Perl mass rebuild
 * Thu Jun 09 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.0.0-2
 - Perl 5.14 mass rebuild
 * Wed Apr 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.0.0-1
 - Update to 1.0.0
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.53-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53.5
 - Extract out default config into its own file (bug #635776)
 * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-4
 - Revert ownership of log dir
 * Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-3
 - Change ownership of /var/log/nginx to be 0700 nginx:nginx
 - update init script to use killproc -p
 - add reopen_logs command to init script
 - update init script to use nginx -q option
 * Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-2
 - Fix linking of perl module
 * Sun Oct 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.53-1
 - Update to new stable 0.8.53
 * Sat Jul 31 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-2
 - add Provides: webserver (bug #619693)
 * Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.67-1
 - Update to new stable 0.7.67
 - fix bugzilla #591543
 * Tue Jun 01 2010 Marcela Maslanova <mmaslano@redhat.com> - 0.7.65-2
 - Mass rebuild with perl-5.12.0
 * Mon Feb 15 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.65-1
 - Update to new stable 0.7.65
 - change ownership of logdir to root:root
 - add support for ipv6 (bug #561248)
 - add random_index_module
 - add secure_link_module
 * Fri Dec 04 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1
 - Update to new stable 0.7.64
--- a/ci.fmf
+++ b/ci.fmf
@ -0,0 +1 @@
 resultsdb-testcase: separate
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,25 @@
 --- !Policy
 product_versions:
  - fedora-*
 decision_contexts: [bodhi_update_push_testing]
 subject_type: koji_build
 rules:
  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
 #gating rawhide
 --- !Policy
 product_versions:
  - fedora-*
 decision_contexts: [bodhi_update_push_stable]
 subject_type: koji_build
 rules:
  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
 #gating rhel
 --- !Policy
 product_versions:
  - rhel-*
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional}
  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
--- a/macros.nginxmods.in
+++ b/macros.nginxmods.in
@ -0,0 +1,20 @@
 %_nginx_abiversion @@NGINX_ABIVERSION@@
 %_nginx_srcdir @@NGINX_SRCDIR@@
 %_nginx_buildsrcdir nginx-src
 %_nginx_modsrcdir ..
 %_nginx_modbuilddir ../%{_vpath_builddir}
 %nginx_moddir @@NGINX_MODDIR@@
 %nginx_modconfdir @@NGINX_MODCONFDIR@@
 %nginx_modrequires Requires: nginx(abi) = %{_nginx_abiversion}
 %nginx_modconfigure(:-:) \\\
  %undefine _strict_symbol_defs_build \
  cp -a "%{_nginx_srcdir}" "%{_nginx_buildsrcdir}" \
  cd "%{_nginx_buildsrcdir}" \
  nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" \
  ./configure --with-compat --with-cc-opt="%{optflags} $(pcre-config --cflags)" --with-ld-opt="$nginx_ldopts" \\\
              --add-dynamic-module=$(realpath %{_nginx_modsrcdir}) --builddir=$(realpath %{_nginx_modbuilddir}) %{**} \
  cd -
 %nginx_modbuild %{__make} -C "%{_nginx_buildsrcdir}" %{_make_output_sync} %{?_smp_mflags} %{_make_verbose} modules
--- a/maxim.key
+++ b/maxim.key
@ -0,0 +1,81 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBF4TqFoBEADNbls05thIAYVVKdMDRdtzGk7HXGqx60u/kh4BL9HskUpyYFTp
 N07RJ1TyyusfD7I3skuGHvtQhqdTwHPDEPL5qrAnHps9XWUQrtU7hflcIKt43iDe
 TvfVVhN0nPir2++C4qvNnrC/UCisyz00H/I9mobl2qzyKyLT8BnUBVuXDfOTlUCY
 oF4z5BieOMvg1DZNKFDnK67ZuO4JXgtMlu4Q3tFd7qSWCWGuCuAGgn6eWFYMzCbB
 rPyBYwb7xyycQzqmJiD7Qm9OeVHmZj5rG5hGM14MyTSUVJle0U+CJCF9lmfVuR/c
 ySy7WmQgIg327x5Y5xa3pKZAvIAycnDabAk/08p59BG7UdAi2S7+2SicAH89/81V
 g4BI4mZp+IuxaP+S+ckaRf1CUvRAJuLTqUeBSuOzjag+ibD6rqusuZ1MZqLxnXyu
 gAztNDcmEFa/pqp5bgWbrlTF6zKt4cQf+a/JqFGatsfSzmrIyIZ6GEqgb8oXDDIt
 Z1AqsTfp6ZBC1vITE9+b0zBw6qq/nGD0Iq47Vp1VxmlxmnoeR4ir8z/oSukPulLU
 K3IqkmRNGEilINrtBt5jFbBlx8kwdCYvxEF6ymibBBqvwwv65jrrKheBQm+HrrVS
 aMQmo4Qzj/h/ZLL9KENHibNwUypJnvwEvw0YkAyjICvoNzDUsM+92+B/ewARAQAB
 tCFNYXhpbSBLb25vdmFsb3YgPG1heGltQG5naW54LmNvbT6JAlcEEwEKAEECGwMF
 CwkIBwMFFQoJCAsFFgIDAQACHgECF4ACGQEWIQRB25JxPTv0v/PukQacXn+i9Ul3
 1AUCY88PtQUJDSXXWwAKCRCcXn+i9Ul31EA9D/9RvgNAn+StYCRAJATj1MhmPN/a
 DP7DgqBvxjxAQVJtEbVypN0gGNi/pE7AjCG53wtCQaABAaSGikViOUFJu39VSj+a
 NyW1JQ0XOhZNJ7pMq1S7mgq1ibrbfb7Vlys25xoUsps3vVXt9ciVGW8GQ57sDcpY
 8Yp4X4GFbrcgu67bebJVcfzG61JkFxrBIZ45jaMRS6xpGiwvQw6DcpO1SAI7TGPt
 3uhRfj3yU9v++/ULzHg7Zq5d74BCcu6o1O59/juPKcS4Bym+d7nlp/AXFiEPAI7v
 RfXvlzNDncA/s4msEqaT1fPDAG8E9m01Hl3uoCn87H5BBM88rk47PslixNamX8sX
 pftEPOD4QMFNY0GsVS6/9OIAetaq08R5XjhJoXS2Z7VJWqJYmu0800LpIzNljsEf
 9Vt0z/ROKtykSB58OQKIV6EqcA1Dts7TlVFFE5tERMszghBJP++VZ52W6pUAZtXH
 26GQzzqcMSfjjw6RpsuyofsKMX2xAG3+z2ZFHzaRLi7kXNKcomOZO1DgsREwkzYL
 lLeuwcOuZaMauHy/Rds1Wo99eg8+qcFd67sefZMDkgqGZ+xE3+4qwZNBhZLGg7Rq
 hLQI0d1Qmr7PgJfzvEnm8/+5sN4jsatv6glVfYYUTwB7PQDDqT+y8rsvKJYnNjqI
 mBmazculVduYimFZ74hdBBARCgAdFiEEZVBsAu/CUPG3o9aU7PDpCywXIIMFAl4T
 qXUACgkQ7PDpCywXIIN5CQCgyNFrUBGlUvH9QlDSE/umzoyXW/UAn0ve2/HzpMVN
 uPMAAgnHYE2R0eiEtCNNYXhpbSBLb25vdmFsb3YgPG1heGltQEZyZWVCU0Qub3Jn
 PokCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEHbknE9O/S/
 8+6RBpxef6L1SXfUBQJjzw/CBQkNJddbAAoJEJxef6L1SXfUZM0P/j8qRgh1x/d4
 IjdlsArTyL5vLJUFzK2s6DEBhDiLJ5ehU77CY9eakITFkzsUbq+BJ7nG6/s763Mq
 HQ/bVcVQwl0iOq7QICL1N3ficKKd3WAZuuzBxDO3/MT128MDWMKOUu2jZiStctuM
 OaLaw9JtdTwPTvHFkOb1Ji6YY0XhYyJoPd5LufooHRT7WF7TYGk05JIrxYaYWi8/
 Rd+GWnU8qKAmw3NQ305ia6xEaPi5rkl+zxS4+bfs+H9rJ1dRM+nCwXABr5Db1amL
 t3J6JmXRJLdhGq1ZuAIuO1Irdxe+e0cGSWkUaC+9s9OQcBAxfZ0QSEDrI3/NF362
 yKYsmolQwxhvnhlS6maL7ySUSdd5AVzucAX4q3aQ5qzruV+VI9gDZHvUAEwNn3qL
 H3zhs05LQ3lCM5lWOs78N8yVRyyfzwxK/f01DQfvXm9nLD1mXOz91B0lkaosflfF
 8bjqwS930P0aOiGzBJ29qiVIukmrKWpV8L89yUePdFp2Qt59/cLZub1K8S4VuIl+
 AaQpaT4TXE9jz9sprChmuE8vrusI0VYNF+M6ZM5OhVb6QfBX911k2esBiVWLbF9A
 1E04CIMiYUNc9q+uqqIotJmw1F8QrCZBMm4H3dZHmvYL2tXuiBfaGoc7NljGSJx4
 R9bo2E8xd+T+K8PE6jILbnHdtlZiZ3EjiF0EEBEKAB0WIQRlUGwC78JQ8bej1pTs
 8OkLLBcggwUCXhOpbwAKCRDs8OkLLBcgg/jfAKCO7DIiB2DGBfLCFftmyuZJN2A6
 ZgCfV/cclX++mLyiyYqr2BXnrQk4NVGJAk4EEwEKADgWIQRB25JxPTv0v/PukQac
 Xn+i9Ul31AUCXhOoqAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCcXn+i
 9Ul31E1LD/4yIPvNAf0x57jvphENedjXzA0DQOnzGc5MVLVsyLw4zYMGJxP2CXYN
 dUIGBKssoWiUDnEEVF4BNnrkrVO7y9XKWrXhDKI0Q23rau+2TyQ5VLT7Bgsf2QL5
 d1H/gdQvToIIQUEITipW81TmFzZlQzjvuivDmcLnYGJQzrEY/4UdC8lzH2noC3PR
 mC9O98DQgKn72RV1YMAhSfmLFnLFjmZQTHKAbWnVNuPvt4/Hmd/kFem4TOznbtG1
 Fa3Hvlb04crLRKns7pf4QQCd/pAp4WjMVyWf4LX44xYziqV3xKVUObv4lKWNO3/P
 VUb2ka3hKwyIKXiVpqheOd48+c/Kcm/L8mdJdA6+SVrCKBzWRMYPBEfzAVqeaj40
 qsNMfbuUgUc+m5f/45UiwWCoQrK5q5lKf9sIQ6RU3Yln43XJ7hP2urgvlW5ZMkW6
 qGJ6G6ANVVT2jouqQaYIa2nvMTjEOXh2xzjSw132FHxfr417MeLhQS4JZurMVViA
 u2SyyLN5oTU2i3+EzhR3DluHMNDz1K9C6SkJJQ+vWAtBaCer/02uxqxqOEnbKxEg
 RWgKVrMRya/5vDp1Lz/PvR8tc3ne4Yd/OZdqSHFLXIofJStsIlKPnELdIuOg8R7X
 594W4XX94V3n12hiiCU+CPFBRL/4PZV8CtbLY5rNFCdpiiN+EP35rbkCDQReE6ha
 ARAA6aSKum1vKZRHYk/0Os97toQttTDhtwzHj+dCjVDIrGMOFR2BS6Lg6KrGaEyN
 PYiWAW9xiwx4uJgZr8R0GR1irgO0TBz77Z7JsVADXPoeuT6zF13yd43hrNRrmypW
 9TB6dDtQw9yVJAloTWdUYJkopXI2wrfpEmsTQl92YTXMpkVaZMJNn8P+FMKr6GMy
 kJX5VYVrPeHhL5exmIGAsHj7ObIePJToT55wQu8AehfAxsA+IXPOazzbgVzUEoeO
 dzwEHN9RV0gEaHE5U0cNKPejE+yIGe69KVAyUbHRg0vD+1N/D4IU6i3mj8oir2y9
 Snxb2Z2PqQpqoEs3GmMduFDK9VIrs7m5LrZ6YweRHCC7W2Y/3x3dsaVdGf5L7YwK
 7Kp0VorjQHq+eQ+demXmCATDwmgfXVqE14nm1fz8mlf/RpCZqm3sIrByAQslqn5C
 nyL8wVd5/sUr+cTSUUgv3miX262F39t5fp3P8QTDrWULXs6l3fLQ34PL54nTBtQt
 2AqtuVnQ/Gy6Yt4gIYuzv8873/edAclGOYVpUbXS3lsv/vuC9DiXsdy4tLUYYeH5
 EzoSwW66Koj5oVwMXJEhOWKDRBGrjL8LqeqFNYTJiuIiLwOronFeKySULVa9IiA/
 CrX+ayatuIpwlkU+g20xW053MvedozkhY5rb3RHnjUaOQRUAEQEAAYkCPAQYAQoA
 JgIbDBYhBEHbknE9O/S/8+6RBpxef6L1SXfUBQJjzwtWBQkNJdL8AAoJEJxef6L1
 SXfU/YEP/AnuEZX3l/5bIFauUvA496j9REgSUXvMZhHi7pTd3sjgVZvax/WJ+ZNQ
 N0sFHFSO0wjHJPpJw3LVBqq1LzuLz4jdnWwtD5XWEBybVbN8TblRMA5NhT/KzZW6
 4LF2r64UjMtm03ry8RGOvWlX56/qT7eD6QM8Xo4zL6g1W3+XID0+hQ7zwxSHZqUm
 It8LE90eTwcGAMVvZ4BJ58bWpujbMsFcWX9oIbDaaJD+hhI209a4znFmF4iOHdEd
 nLYwe0PiIn3+nyNzJ5EQ/Qvor65BagGYeVQE8BhaPi8vkr9PBY+tIY9pzj+jWB8f
 MuScfSyGlja1VhrlwMpB4VxcVBgFp31LN5NPn8XqIoOQBDqYA6JDfQtMznZtpb8H
 u2Tx7bmLwit6MrCu9q66yzYZZ5jg8onbG5QthLER3Qi+m8My7dSlAvruvXS+xoOH
 kLjtJ+wx2joVAnvf+VPLqlLJGeuNQP8Ji2EpMw73FIeWLakZKAZRHzQgiV3nGDFX
 98Wo6hmHbP0eU4NT8kFKte/PIsKUo5LBbZrb5S7MPWvqXDo2iKthaAqA+rxUY0Zu
 Rv+Ij5IqzTZyStejJGngIQlABi4jtSpf6LdRPW3GpNZ5pUi1DNmfmxVl4xmV5enE
 53YQML90r5jsKt/JloNWYEUd7nM+801WiCqlr7lltunhIYyMTA7C
 =5smL
 -----END PGP PUBLIC KEY BLOCK-----
--- a/SOURCES/nginx-logo.png
+++ b/SOURCES/nginx-logo.png
--- a/3
+++ b/3
@ -0,0 +1,3 @@
 #!/bin/sh
 exec /bin/systemd-ask-password "Enter TLS private key passphrase for $1 ($2) : "
--- a/SOURCES/nginx-upgrade
+++ b/SOURCES/nginx-upgrade
--- a/SOURCES/nginx-upgrade.8
+++ b/SOURCES/nginx-upgrade.8
--- a/SOURCES/nginx.conf
+++ b/SOURCES/nginx.conf
@ -4,7 +4,7 @@
 user nginx;
 worker_processes auto;
-error_log /var/log/nginx/error.log;
+error_log /var/log/nginx/error.log notice;
 pid /run/nginx.pid;
 # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
@ -23,9 +23,8 @@ http {
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
-    types_hash_max_size 2048;
+    types_hash_max_size 4096;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
@ -36,31 +35,21 @@ http {
    include /etc/nginx/conf.d/*.conf;
    server {
-        listen       80 default_server;
+        listen       80;
-        listen       [::]:80 default_server;
+        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        location / {
        }
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
 # Settings for a TLS enabled server.
 #
 #    server {
-#        listen       443 ssl http2 default_server;
+#        listen       443 ssl;
-#        listen       [::]:443 ssl http2 default_server;
+#        listen       [::]:443 ssl;
 #        http2        on;
 #        server_name  _;
 #        root         /usr/share/nginx/html;
 #
@ -73,17 +62,6 @@ http {
 #
 #        # Load configuration files for the default server block.
 #        include /etc/nginx/default.d/*.conf;
 #
 #        location / {
 #        }
 #
 #        error_page 404 /404.html;
 #            location = /40x.html {
 #        }
 #
 #        error_page 500 502 503 504 /50x.html;
 #            location = /50x.html {
 #        }
 #    }
 }
--- a/SOURCES/nginx.logrotate
+++ b/SOURCES/nginx.logrotate
@ -1,10 +1,11 @@
-/var/log/nginx/*log {
+/var/log/nginx/*.log {
-    create 0664 nginx root
+    create 0640 nginx root
    daily
    rotate 10
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
--- a/SOURCES/nginx.service
+++ b/SOURCES/nginx.service
@ -1,6 +1,7 @@
 [Unit]
 Description=The nginx HTTP and reverse proxy server
-After=network.target remote-fs.target nss-lookup.target
+After=network-online.target remote-fs.target nss-lookup.target
 Wants=network-online.target
 [Service]
 Type=forking
@ -11,7 +12,7 @@ PIDFile=/run/nginx.pid
 ExecStartPre=/usr/bin/rm -f /run/nginx.pid
 ExecStartPre=/usr/sbin/nginx -t
 ExecStart=/usr/sbin/nginx
-ExecReload=/bin/kill -s HUP $MAINPID
+ExecReload=/usr/sbin/nginx -s reload
 KillSignal=SIGQUIT
 TimeoutStopSec=5
 KillMode=mixed
--- a/nginx.spec
+++ b/nginx.spec
@ -0,0 +1,620 @@
 %global  _hardened_build     1
 %global  nginx_user          nginx
 # Disable strict symbol checks in the link editor.
 # See: https://src.fedoraproject.org/rpms/redhat-rpm-config/c/078af19
 %undefine _strict_symbol_defs_build
 %bcond_with geoip
 # nginx gperftools support should be disabled for RHEL >= 8
 # see: https://bugzilla.redhat.com/show_bug.cgi?id=1931402
 %if 0%{?rhel} >= 8
 %global with_gperftools 0
 %else
 # gperftools exists only on selected arches
 # gperftools *detection* is failing on ppc64*, possibly only configure
 # bug, but disable anyway.
 %ifnarch s390 s390x ppc64 ppc64le
 %global with_gperftools 1
 %endif
 %endif
 %global with_aio 1
 %if 0%{?fedora} > 40 || 0%{?rhel} > 9
 %bcond_with engine
 %else
 %bcond_without engine
 %endif
 %if 0%{?fedora} > 22
 %global with_mailcap_mimetypes 1
 %endif
 # kTLS requires OpenSSL 3.0 (default in F36+ and EL9+, available in EPEL8)
 %if 0%{?fedora} >= 36 || 0%{?rhel} >= 8
 %global with_ktls 1
 %endif
 # Build against OpenSSL 1.1 on EL7
 %if 0%{?rhel} == 7
 %global openssl_pkgversion 11
 %endif
 # Build against OpenSSL 3 on EL8
 %if 0%{?rhel} == 8
 %global openssl_pkgversion 3
 %endif
 # Cf. https://www.nginx.com/blog/creating-installable-packages-dynamic-modules/
 %global nginx_abiversion %{version}
 %global nginx_moduledir %{_libdir}/nginx/modules
 %global nginx_moduleconfdir %{_datadir}/nginx/modules
 %global nginx_srcdir %{_usrsrc}/%{name}-%{version}-%{release}
 # Do not generate provides/requires from nginx sources
 %global __provides_exclude_from ^%{nginx_srcdir}/.*$
 %global __requires_exclude_from ^%{nginx_srcdir}/.*$
 Name:              nginx
 Epoch:             2
 Version:           1.26.1
 Release:           %autorelease
 Summary:           A high performance web server and reverse proxy server
 License:           BSD-2-Clause
 URL:               https://nginx.org
 Source0:           https://nginx.org/download/nginx-%{version}.tar.gz
 Source1:           https://nginx.org/download/nginx-%{version}.tar.gz.asc
 # Keys are found here: https://nginx.org/en/pgp_keys.html
 Source2:           https://nginx.org/keys/maxim.key
 Source3:           https://nginx.org/keys/arut.key
 Source4:           https://nginx.org/keys/pluknet.key
 Source5:           https://nginx.org/keys/sb.key
 Source6:           https://nginx.org/keys/thresh.key
 Source10:          nginx.service
 Source11:          nginx.logrotate
 Source12:          nginx.conf
 Source13:          nginx-upgrade
 Source14:          nginx-upgrade.8
 Source15:          macros.nginxmods.in
 Source16:          nginxmods.attr
 Source17:          nginx-ssl-pass-dialog
 Source102:         nginx-logo.png
 Source200:         README.dynamic
 Source210:         UPGRADE-NOTES-1.6-to-1.10
 # removes -Werror in upstream build scripts.  -Werror conflicts with
 # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
 Patch0:            0001-remove-Werror-in-upstream-build-scripts.patch
 # downstream patch - fix PIDFile race condition (rhbz#1869026)
 # rejected upstream: https://trac.nginx.org/nginx/ticket/1897
 Patch1:            0002-fix-PIDFile-handling.patch
 # downstream patch - Add ssl-pass-phrase-dialog helper script for
 # encrypted private keys with pass phrase decryption
 Patch2:            0003-Add-SSL-passphrase-dialog.patch
 # downstream patch - Disable ENGINE support by default for F41+
 Patch3:            0004-Disable-ENGINE-support.patch
 # downstream patch - Compile perl module with O2
 Patch4:            0005-Compile-perl-module-with-O2.patch
 BuildRequires:     make
 BuildRequires:     gcc
 BuildRequires:     gnupg2
 %if 0%{?with_gperftools}
 BuildRequires:     gperftools-devel
 %endif
 BuildRequires:     openssl%{?openssl_pkgversion}-devel
 BuildRequires:     pcre2-devel
 BuildRequires:     zlib-devel
 Requires:          nginx-filesystem = %{epoch}:%{version}-%{release}
 %if 0%{?el7}
 # centos-logos el7 does not provide 'system-indexhtml'
 Requires:          system-logos redhat-indexhtml
 # need to remove epel7 geoip sub-package, doesn't work anymore
 # https://bugzilla.redhat.com/show_bug.cgi?id=1576034
 # https://bugzilla.redhat.com/show_bug.cgi?id=1664957
 Obsoletes:         nginx-mod-http-geoip <= 1:1.16
 %else
 Requires:          system-logos-httpd
 %endif
 Provides:          webserver
 %if 0%{?fedora} || 0%{?rhel} >= 8
 Recommends:        logrotate
 %endif
 Requires:          %{name}-core = %{epoch}:%{version}-%{release}
 BuildRequires:     systemd
 Requires(post):    systemd
 Requires(preun):   systemd
 Requires(postun):  systemd
 # For external nginx modules
 Provides:          nginx(abi) = %{nginx_abiversion}
 %description
 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
 IMAP protocols, with a strong focus on high concurrency, performance and low
 memory usage.
 %package core
 Summary: nginx minimal core
 %if 0%{?with_mailcap_mimetypes}
 Requires:          nginx-mimetypes
 %endif
 Requires:          openssl%{?openssl_pkgversion}-libs
 Requires(pre):     nginx-filesystem
 Conflicts:         nginx < 1:1.20.2-4
 %description core
 nginx minimal core
 %package all-modules
 Summary:           A meta package that installs all available Nginx modules
 BuildArch:         noarch
 %if %{with geoip}
 Requires:          nginx-mod-http-geoip = %{epoch}:%{version}-%{release}
 %endif
 Requires:          nginx-mod-http-image-filter = %{epoch}:%{version}-%{release}
 Requires:          nginx-mod-http-perl = %{epoch}:%{version}-%{release}
 Requires:          nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release}
 Requires:          nginx-mod-mail = %{epoch}:%{version}-%{release}
 Requires:          nginx-mod-stream = %{epoch}:%{version}-%{release}
 %description all-modules
 Meta package that installs all available nginx modules.
 %package filesystem
 Summary:           The basic directory layout for the Nginx server
 BuildArch:         noarch
 Requires(pre):     shadow-utils
 %description filesystem
 The nginx-filesystem package contains the basic directory layout
 for the Nginx server including the correct permissions for the
 directories.
 %if %{with geoip}
 %package mod-http-geoip
 Summary:           Nginx HTTP geoip module
 BuildRequires:     GeoIP-devel
 Requires:          nginx(abi) = %{nginx_abiversion}
 Requires:          GeoIP
 %description mod-http-geoip
 %{summary}.
 %endif
 %package mod-http-image-filter
 Summary:           Nginx HTTP image filter module
 BuildRequires:     gd-devel
 Requires:          nginx(abi) = %{nginx_abiversion}
 Requires:          gd
 %description mod-http-image-filter
 %{summary}.
 %package mod-http-perl
 Summary:           Nginx HTTP perl module
 BuildRequires:     perl-devel
 %if 0%{?fedora} >= 24 || 0%{?rhel} >= 7
 BuildRequires:     perl-generators
 %endif
 BuildRequires:     perl(ExtUtils::Embed)
 Requires:          nginx(abi) = %{nginx_abiversion}
 Requires:          perl(constant)
 %description mod-http-perl
 %{summary}.
 %package mod-http-xslt-filter
 Summary:           Nginx XSLT module
 BuildRequires:     libxslt-devel
 Requires:          nginx(abi) = %{nginx_abiversion}
 %description mod-http-xslt-filter
 %{summary}.
 %package mod-mail
 Summary:           Nginx mail modules
 Requires:          nginx(abi) = %{nginx_abiversion}
 %description mod-mail
 %{summary}.
 %package mod-stream
 Summary:           Nginx stream modules
 Requires:          nginx(abi) = %{nginx_abiversion}
 %description mod-stream
 %{summary}.
 %package mod-devel
 Summary:           Nginx module development files
 Requires:          nginx = %{epoch}:%{version}-%{release}
 Requires:          make
 Requires:          gcc
 Requires:          gd-devel
 %if 0%{?with_gperftools}
 Requires:          gperftools-devel
 %endif
 %if %{with geoip}
 Requires:          GeoIP-devel
 %endif
 Requires:          libxslt-devel
 Requires:          openssl%{?openssl_pkgversion}-devel
 Requires:          pcre2-devel
 Requires:          perl-devel
 Requires:          perl(ExtUtils::Embed)
 Requires:          zlib-devel
 %description mod-devel
 %{summary}.
 %prep
 # Combine all keys from upstream into one file
 cat %{S:2} %{S:3} %{S:4} %{S:5} %{S:6} > %{_builddir}/%{name}.gpg
 %{gpgverify} --keyring='%{_builddir}/%{name}.gpg' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -p1
 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
 %if 0%{?rhel} > 0 && 0%{?rhel} < 8
 sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service
 sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf
 %endif
 %if 0%{?openssl_pkgversion}
 sed \
  -e 's|\(ngx_feature_path=\)$|\1%{_includedir}/openssl%{openssl_pkgversion}|' \
  -e 's|\(ngx_feature_libs="\)|\1-L%{_libdir}/openssl%{openssl_pkgversion} |' \
  -i auto/lib/openssl/conf
 %endif
 # Prepare sources for installation
 cp -a ../%{name}-%{version} ../%{name}-%{version}-%{release}-src
 mv ../%{name}-%{version}-%{release}-src .
 %build
 # nginx does not utilize a standard configure script.  It has its own
 # and the standard configure options cause the nginx configure script
 # to error out.  This is is also the reason for the DESTDIR environment
 # variable.
 export DESTDIR=%{buildroot}
 # So the perl module finds its symbols:
 nginx_ldopts="$RPM_LD_FLAGS -Wl,-E -O2"
 if ! ./configure \
    --prefix=%{_datadir}/nginx \
    --sbin-path=%{_sbindir}/nginx \
    --modules-path=%{nginx_moduledir} \
    --conf-path=%{_sysconfdir}/nginx/nginx.conf \
    --error-log-path=%{_localstatedir}/log/nginx/error.log \
    --http-log-path=%{_localstatedir}/log/nginx/access.log \
    --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \
    --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \
    --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \
    --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \
    --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \
    --pid-path=/run/nginx.pid \
    --lock-path=/run/lock/subsys/nginx \
    --user=%{nginx_user} \
    --group=%{nginx_user} \
    --with-compat \
    --with-debug \
 %if 0%{?with_aio}
    --with-file-aio \
 %endif
 %if 0%{?with_gperftools}
    --with-google_perftools_module \
 %endif
    --with-http_addition_module \
    --with-http_auth_request_module \
    --with-http_dav_module \
    --with-http_degradation_module \
    --with-http_flv_module \
 %if %{with geoip}
    --with-http_geoip_module=dynamic \
    --with-stream_geoip_module=dynamic \
 %endif
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_image_filter_module=dynamic \
    --with-http_mp4_module \
    --with-http_perl_module=dynamic \
    --with-http_random_index_module \
    --with-http_realip_module \
    --with-http_secure_link_module \
    --with-http_slice_module \
    --with-http_ssl_module \
    --with-http_stub_status_module \
    --with-http_sub_module \
    --with-http_v2_module \
    --with-http_v3_module \
    --with-http_xslt_module=dynamic \
    --with-mail=dynamic \
    --with-mail_ssl_module \
 %if 0%{?with_ktls}
    --with-openssl-opt=enable-ktls \
 %endif
 %if %{without engine}
    --without-engine \
 %endif
    --with-pcre \
    --with-pcre-jit \
    --with-stream=dynamic \
    --with-stream_realip_module \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --with-threads \
    --with-cc-opt="%{optflags} $(pcre2-config --cflags)" \
    --with-ld-opt="$nginx_ldopts"; then
  : configure failed
  cat objs/autoconf.err
  exit 1
 fi
 %make_build
 %install
 %make_install INSTALLDIRS=vendor
 find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
 find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
 find %{buildroot} -type f -empty -exec rm -f '{}' \;
 find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;
 install -p -D -m 0644 ./nginx.service \
    %{buildroot}%{_unitdir}/nginx.service
 install -p -D -m 0644 %{SOURCE11} \
    %{buildroot}%{_sysconfdir}/logrotate.d/nginx
 install -p -d -m 0755 %{buildroot}%{_sysconfdir}/systemd/system/nginx.service.d
 install -p -d -m 0755 %{buildroot}%{_unitdir}/nginx.service.d
 install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d
 install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d
 install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx
 install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
 install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
 install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
 install -p -d -m 0755 %{buildroot}%{nginx_moduleconfdir}
 install -p -d -m 0755 %{buildroot}%{nginx_moduledir}
 install -p -m 0644 ./nginx.conf \
    %{buildroot}%{_sysconfdir}/nginx
 rm -f %{buildroot}%{_datadir}/nginx/html/index.html
 %if 0%{?el7}
 ln -s ../../doc/HTML/index.html \
      %{buildroot}%{_datadir}/nginx/html/index.html
 ln -s ../../doc/HTML/img \
      %{buildroot}%{_datadir}/nginx/html/img
 ln -s ../../doc/HTML/en-US \
      %{buildroot}%{_datadir}/nginx/html/en-US
 %else
 ln -s ../../testpage/index.html \
      %{buildroot}%{_datadir}/nginx/html/index.html
 %endif
 install -p -m 0644 %{SOURCE102} \
    %{buildroot}%{_datadir}/nginx/html
 ln -s nginx-logo.png %{buildroot}%{_datadir}/nginx/html/poweredby.png
 mkdir -p %{buildroot}%{_datadir}/nginx/html/icons
 # Symlink for the powered-by-$DISTRO image:
 ln -s ../../../pixmaps/poweredby.png \
      %{buildroot}%{_datadir}/nginx/html/icons/poweredby.png
 %if 0%{?rhel} >= 9
 ln -s ../../pixmaps/system-noindex-logo.png \
      %{buildroot}%{_datadir}/nginx/html/system_noindex_logo.png
 %endif
 %if 0%{?with_mailcap_mimetypes}
 rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types
 %endif
 install -p -D -m 0644 %{_builddir}/nginx-%{version}/objs/nginx.8 \
    %{buildroot}%{_mandir}/man8/nginx.8
 install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
 install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
 for i in ftdetect ftplugin indent syntax; do
    install -p -D -m644 contrib/vim/${i}/nginx.vim \
        %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
 done
 %if %{with geoip}
 echo 'load_module "%{nginx_moduledir}/ngx_http_geoip_module.so";' \
    > %{buildroot}%{nginx_moduleconfdir}/mod-http-geoip.conf
 %endif
 echo 'load_module "%{nginx_moduledir}/ngx_http_image_filter_module.so";' \
    > %{buildroot}%{nginx_moduleconfdir}/mod-http-image-filter.conf
 echo 'load_module "%{nginx_moduledir}/ngx_http_perl_module.so";' \
    > %{buildroot}%{nginx_moduleconfdir}/mod-http-perl.conf
 echo 'load_module "%{nginx_moduledir}/ngx_http_xslt_filter_module.so";' \
    > %{buildroot}%{nginx_moduleconfdir}/mod-http-xslt-filter.conf
 echo 'load_module "%{nginx_moduledir}/ngx_mail_module.so";' \
    > %{buildroot}%{nginx_moduleconfdir}/mod-mail.conf
 echo 'load_module "%{nginx_moduledir}/ngx_stream_module.so";' \
    > %{buildroot}%{nginx_moduleconfdir}/mod-stream.conf
 # Install files for supporting nginx module builds
 ## Install source files
 mkdir -p %{buildroot}%{_usrsrc}
 mv %{name}-%{version}-%{release}-src %{buildroot}%{nginx_srcdir}
 ## Install rpm macros
 mkdir -p %{buildroot}%{_rpmmacrodir}
 sed -e "s|@@NGINX_ABIVERSION@@|%{nginx_abiversion}|g" \
    -e "s|@@NGINX_MODDIR@@|%{nginx_moduledir}|g" \
    -e "s|@@NGINX_MODCONFDIR@@|%{nginx_moduleconfdir}|g" \
    -e "s|@@NGINX_SRCDIR@@|%{nginx_srcdir}|g" \
    %{SOURCE15} > %{buildroot}%{_rpmmacrodir}/macros.nginxmods
 ## Install dependency generator
 install -Dpm0644 %{SOURCE16} %{buildroot}%{_fileattrsdir}/nginxmods.attr
 # install http-ssl-pass-dialog
 mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
 install -m755 $RPM_SOURCE_DIR/nginx-ssl-pass-dialog \
        $RPM_BUILD_ROOT%{_libexecdir}/nginx-ssl-pass-dialog
 %pre filesystem
 getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
 getent passwd %{nginx_user} > /dev/null || \
    useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
    -s /sbin/nologin -c "Nginx web server" %{nginx_user}
 exit 0
 %post
 %systemd_post nginx.service
 %if %{with geoip}
 %post mod-http-geoip
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %endif
 %post mod-http-image-filter
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %post mod-http-perl
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %post mod-http-xslt-filter
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %post mod-mail
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %post mod-stream
 if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi
 %preun
 %systemd_preun nginx.service
 %postun
 %systemd_postun nginx.service
 if [ $1 -ge 1 ]; then
    /usr/bin/nginx-upgrade >/dev/null 2>&1 || :
 fi
 %files
 %if 0%{?rhel} == 7
 %doc UPGRADE-NOTES-1.6-to-1.10
 %endif
 %{_datadir}/nginx/html/*
 %{_bindir}/nginx-upgrade
 %{_datadir}/vim/vimfiles/ftdetect/nginx.vim
 %{_datadir}/vim/vimfiles/ftplugin/nginx.vim
 %{_datadir}/vim/vimfiles/syntax/nginx.vim
 %{_datadir}/vim/vimfiles/indent/nginx.vim
 %{_mandir}/man3/nginx.3pm*
 %{_mandir}/man8/nginx.8*
 %{_mandir}/man8/nginx-upgrade.8*
 %{_unitdir}/nginx.service
 %{_libexecdir}/nginx-ssl-pass-dialog
 %files core
 %license LICENSE
 %doc CHANGES README README.dynamic
 %{_sbindir}/nginx
 %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
 %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
 %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
 %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default
 %config(noreplace) %{_sysconfdir}/nginx/koi-utf
 %config(noreplace) %{_sysconfdir}/nginx/koi-win
 %if ! 0%{?with_mailcap_mimetypes}
 %config(noreplace) %{_sysconfdir}/nginx/mime.types
 %endif
 %config(noreplace) %{_sysconfdir}/nginx/mime.types.default
 %config(noreplace) %{_sysconfdir}/nginx/nginx.conf
 %config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default
 %config(noreplace) %{_sysconfdir}/nginx/scgi_params
 %config(noreplace) %{_sysconfdir}/nginx/scgi_params.default
 %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params
 %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default
 %config(noreplace) %{_sysconfdir}/nginx/win-utf
 %config(noreplace) %{_sysconfdir}/logrotate.d/nginx
 %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx
 %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp
 %attr(711,root,root) %dir %{_localstatedir}/log/nginx
 %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/access.log
 %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/error.log
 %dir %{nginx_moduledir}
 %dir %{nginx_moduleconfdir}
 %files all-modules
 %files filesystem
 %dir %{_datadir}/nginx
 %dir %{_datadir}/nginx/html
 %dir %{_sysconfdir}/nginx
 %dir %{_sysconfdir}/nginx/conf.d
 %dir %{_sysconfdir}/nginx/default.d
 %dir %{_sysconfdir}/systemd/system/nginx.service.d
 %dir %{_unitdir}/nginx.service.d
 %if %{with geoip}
 %files mod-http-geoip
 %{nginx_moduleconfdir}/mod-http-geoip.conf
 %{nginx_moduledir}/ngx_http_geoip_module.so
 %endif
 %files mod-http-image-filter
 %{nginx_moduleconfdir}/mod-http-image-filter.conf
 %{nginx_moduledir}/ngx_http_image_filter_module.so
 %files mod-http-perl
 %{nginx_moduleconfdir}/mod-http-perl.conf
 %{nginx_moduledir}/ngx_http_perl_module.so
 %dir %{perl_vendorarch}/auto/nginx
 %{perl_vendorarch}/nginx.pm
 %{perl_vendorarch}/auto/nginx/nginx.so
 %files mod-http-xslt-filter
 %{nginx_moduleconfdir}/mod-http-xslt-filter.conf
 %{nginx_moduledir}/ngx_http_xslt_filter_module.so
 %files mod-mail
 %{nginx_moduleconfdir}/mod-mail.conf
 %{nginx_moduledir}/ngx_mail_module.so
 %files mod-stream
 %{nginx_moduleconfdir}/mod-stream.conf
 %{nginx_moduledir}/ngx_stream_module.so
 %files mod-devel
 %{_rpmmacrodir}/macros.nginxmods
 %{_fileattrsdir}/nginxmods.attr
 %{nginx_srcdir}/
 %changelog
 %autochangelog
--- a/nginxmods.attr
+++ b/nginxmods.attr
@ -0,0 +1,14 @@
 %__nginxmods_requires() %{lua:
    -- Match buildroot paths of the form
    --    /PATH/OF/BUILDROOT/usr/lib/nginx/modules/  and
    --    /PATH/OF/BUILDROOT/usr/lib64/nginx/modules/
    -- generating a line of the form:
    --    nginx(abi) = VERSION
    local path = rpm.expand("%1")
    if path:match("/usr/lib%d*/nginx/modules/.*") then
        local requires = "nginx(abi) = " .. rpm.expand("%{_nginx_abiversion}")
        print(requires)
    end
 }
 %__nginxmods_path ^%{_prefix}/lib(64)?/nginx/modules/.*\\.so$
--- a/plans/tier1-internal.fmf
+++ b/plans/tier1-internal.fmf
@ -0,0 +1,10 @@
 summary: Internal Tier1 beakerlib tests
 discover:
    how: fmf
    url: git://pkgs.devel.redhat.com/tests/nginx
    filter: "tier:1&component:nginx"
 execute:
    how: tmt
 adjust:
    enabled: false
    when: distro == centos-stream-10
--- a/plans/tier1-public.fmf
+++ b/plans/tier1-public.fmf
@ -0,0 +1,7 @@
 summary: Public (Fedora) Tier1 beakerlib tests
 discover:
    how: fmf
    url: https://src.fedoraproject.org/tests/nginx.git
    filter: 'tier: 1'
 execute:
    how: tmt
--- a/plans/tier2-internal.fmf
+++ b/plans/tier2-internal.fmf
@ -0,0 +1,10 @@
 summary: Internal Tier2 beakerlib tests
 discover:
    how: fmf
    url: git://pkgs.devel.redhat.com/tests/nginx
    filter: "tier:2&component:nginx"
 execute:
    how: tmt
 adjust:
    enabled: false
    when: distro == centos-stream-10
--- a/plans/tier3-internal.fmf
+++ b/plans/tier3-internal.fmf
@ -0,0 +1,10 @@
 summary: Internal Tier3 beakerlib tests
 discover:
    how: fmf
    url: git://pkgs.devel.redhat.com/tests/nginx
    filter: "tier:3&component:nginx"
 execute:
    how: tmt
 adjust:
    enabled: false
    when: distro == centos-stream-10
--- a/pluknet.key
+++ b/pluknet.key
@ -0,0 +1,65 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBGKE4psBEADpHSM/IxFD1nXBmnODYXzcl2A+6b6m9m1m2Y4Dlr0ed+y5Lxne
 QidE9I74A2KSm6+eHW2yh4i1ZwZbmwpmQqM+j5BMt7axoXOdKSyN+fYtUakzNbBN
 EDRKT79q/zIzkgTJradHkCQkwF1W3go+qPXjR2ZEnLma9dZED9VNI6PmOpeYaASo
 IkEfbKbwa/vPrvnDSSYY6Y02RXSRk5U1NvQgVUTJP9WGK7NlPUcTBDELLQv6fFPU
 kjBOel6MecsQ+v8iq4RJF2cbVF0hNjbAiNldjLV74Xd7yWVRlCbdb2agyvQjMNrD
 jHSvbEMiNB3R8yBHVW2Zldv8q0XjcwoDfdiZYFJe3lRUYmv6I2p+/DptD4r/3ILI
 peGZtSeOdQEw+vvODL/Ehq03anTrzcpZ6sDLfLrYJhYcrltj0/LMUnLDAjciwRUq
 XI46EfxwqsdLeqoZFQeO3LOFsh0kJKR2xOrUHIVy84NJ4Gmro6WmUkb1NfdjyHzF
 z8Lfbo46NKoTcwFsFF0q74jVVIVNUyIS91DusiMqLCsP8jqDOz/kyP4bOJQ+aUXf
 BANn4Ll1TFWsJ417moxz+Pi5sTaI0na8z2XB1N9WPsSml3FS75hJPJshN2T3VIea
 zB7GFWqk33ynSDt+cAisG5nsK9fFdcH+t5wm59oobyFbFhKxwX6ROuxlZwARAQAB
 tCRTZXJnZXkgS2FuZGF1cm92IDxwbHVrbmV0QG5naW54LmNvbT6JAk4EEwEKADgW
 IQTWeGzjA9mpAimY3GzIRk1UmvdcCgUCYoTimwIbAwULCQgHAwUVCgkICwUWAwIB
 AAIeAQIXgAAKCRDIRk1UmvdcCqbOD/9Htgk3mWvUFmrApkWQTIDNmLACZ1Sw1PXj
 Uqte8StYB0bYY+nmAXs7O5eC2h1ViParl7En1joEEMQQmH0qSnw4X1CM/hA8TAYW
 mBPITTNWo/R52WoyWeWGFnFNIperQmuIZc+pXm0VEFVPiX/2DXbCIu+jaXySvlCN
 LekmOD4VC7dJS8/ohoaXOR2T8ufS+1CsyPXomEb+COhqRZ3EVBa+k7pnElkFft3Y
 a1fR0AgatZFQpy+ukePhK7s/M5RGhDJWHgSAZFkf+X2jVV4NRJ+XsY80gU5DD2ZX
 QT6Je6Knxqk7FnWNSxkhReH6Ss5flZSoGDCmJ2AsPtGeUhus2fGqeN+waGKTZC35
 die2V4/cro1SWswSI6Y5GFDZT1olIUztPmSXU/A3oyizJI7XZybwUbpk5kK83VXm
 el3U/7Qr/VErlDWFefZWeUvT1RILZ8IRoNj4dv158RnKHt9G508A5qz4hUPKoSeq
 SiXhYwfkc31WPzIJ4ev+X5Ka2sG/CKbEMJ7qwc0Kadiu+ePPfqqbXjpTWRyrbcRM
 hRNcLNUi1SLWMBClOQG+5GNG1dPPHkbj4dO1OZuaUMwQdu8R8NlsGoVWS40bmVv5
 pXstzYCl7k/UnC/Ytlq61GeAoq8ILa6jGj0EWqlhvi0ZNMN+fROhzrRlTzIr/+WE
 Xf8EiVNFSbQlU2VyZ2V5IEthbmRhdXJvdiA8cy5rYW5kYXVyb3ZAZjUuY29tPokC
 TgQTAQoAOBYhBNZ4bOMD2akCKZjcbMhGTVSa91wKBQJihO2zAhsDBQsJCAcDBRUK
 CQgLBRYDAgEAAh4BAheAAAoJEMhGTVSa91wKgLQQANaf4UMndkWoefDQPkJ5qR4K
 fuV0WRz59riZEApTkVpPXzl8Y1i8Rgt9pa1v1i12vPyIXKav1rJXQcuDEzqrhQ2G
 yvuAE2U/t2mYaMUmwxWO2d8JA3slvBSgOkiYpbLooDizAdKMT5UQWGyw31Wm51iz
 HjoztebsyXeXgq9VDjv3D8LUBr/OY3Hguj6HV+zRtC95qgXYadW2FiCtvBK6RTDb
 iShTuseLSheGh9dZIUSnzaOiJpDA61ZDYtFZxSpe67vEzhSfHVsF+ZdCjoWhhVv+
 +2wR4E0VQQtOM9uX1PMlZ5Ymr02/gidsXCM0ZjYXx4cDDhnq+nKomN64VloXWY9t
 PIi86XmzcSWlGUd+Ac6LyW7/f64bUWs4Ih0Idl0PF0sAr/6axKUsIs1nbn5MEtXk
 ZPAjcDLqLb9IIQaXRurm/il8v+bLXVBOJq33YUuGRuz8pu4vPA5Q97zglqhlIgbu
 prHMJ9hl5q39JwS3As2rK0o6Q9VVKr29rqSEfk4wEttvk0QMMU5zEvVl8MtqPj42
 qURqpHOadFbYMTwhUmRBUszRZPa5/pWqq0gWOtpyCWFVAsHFWQGJM1Eo6gGEyHZM
 YgBp+d29p2p409r1+06U67GBnXvUy0RyIpkLQtU+lyOJ6vvrBmmsDs/gc69GnlSC
 tZmCt0pLesJ7ZJzGdDkduQINBGKE4psBEADQr/enuDeVT11v6ejuYrg7aaZaGFUe
 3i28bQ4pRUKNfxs7zVYDDHi2i2bhS5j2yQnbsQtGcgoenw6lapmdQRzr4vjQAz9o
 kT6l4qpqvFFQM0wZTnigVDmmO9vTHR8Uk3iCKTd2ax3oko/xPWWYJautJ6ex8cOA
 coHSDeOjuIWSxCKq0BDFp6LoxkM8nuyLAX2cbhI3LncaZhVveMeN+Fmcsv+WpkKs
 yhX92umZuGwlraSyFy23FiRWSZPu9qVIxMMHvVrQJIgfhyWaHFzoF4M4qDoSKx92
 uWfUWgFwPOxOJ6/YcPsX4T8qTl9htmwPN0BibPTlcWaIFXtiU5bE1MivUPeACrI/
 gwUfCR3Mg+GYc13C6jzepREUhI7PLi3+A203PlMZd/aaSZkP6j+h4cwdapH5P4uF
 7T1EQ0MSdx3neAvu5p0IM6JpriwxfT3HsG+Y952T6MIeXcjNRebsBrygJhJ0/vyr
 wV5t8jL0yQty4CiE/QFnBs42l+rngi7K7Y1AZRBGK7JA09XaoLrfLmS+PrbYPsaJ
 flkM8GzUB7BBCLozxDHPzmPkf/A1w3XHZnYuZmS+pvjWCIoKpLQHI99oSUGho/TR
 gMRO4v7EAzluqCiepMl0xwFfHB115ND/mATazc4Pt6FxUsqffzfZrN01e1UVPrp5
 4x6YLO80JnOY6QARAQABiQI2BBgBCgAgFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoF
 AmKE4psCGwwACgkQyEZNVJr3XAp9ghAAgCgErxQYn/Lh/mzsxYXPnisggcBpceks
 mGw7knj1EGkXqq9CHn3EjCw8dB5N857UFlUr++DHwpFL5O36PRQo33RIUFbmBypG
 8C/xX1jWGu3xcaqS3P1ncsSSl6ckdvy9pjMxThm/RkXO0eJCn7FcanwPJXEB3Pbb
 mm0wLI2OXl/m7l5QAr7kErnPvGNzcbX6G35Q/MY8mumBWQ9H53R5ZPpi+OS40Wfn
 pZNKdh/Acwa7+2RokPqoOcJfxVdBOUigXTzb45qZgqEsSR7bkZAy2E80A/sJKPqs
 OGjp9cog3rBYyNBn5dasfR9KeBtluKnjUbzutXsQoKUSECY00YGrtneSXMku5hoE
 Dguk68w/L63ZApYHO/JTgJAYvqPOErAVUegPIw2CT1/2qi5vpClBcKkNS7RXrssA
 X+lElE0zbzX3bNG+lQuXby7jNUFYltkEiz6vTtc4HuHy8u40DHMswzkoDr0T8IE0
 7ZRAWXwV1nlA/dI337cHCsWMJyqem5wZZO13iqe07qaCg1uvBPeqDo81hOCn1us7
 l5SYRUTlt7KSFEHZ+Sx4bmVneAuRi5okaQdmrepy/ss/vVpRwWuQxsPkvT8boS7s
 mqOVsZFcNOuUJPUyOz1dHUL6FMYpk1dw+9n41gO4fLBzJekFTB/fxL6SRbYFWWn7
 x0VGHDmuaYQ=
 =HmVo
 -----END PGP PUBLIC KEY BLOCK-----
--- a/sb.key
+++ b/sb.key
@ -0,0 +1,41 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1.4.11 (FreeBSD)
 mQENBE5E4vkBCADPkWWzk7W5cXOqeZ1ULNSj8nt5azbYjfQ8OyR2AaDW8J7oazYH
 reIHKid5uZVJxwr1uLoMloGiYTdy4XYIF2WcOfDnjNGumrAT0Nd4Kdax/pHr5Pdp
 jFsO4BkHyWk/5/zDCijyoGYLBR6I8hqn+WDuLG/sTtVuTWkUeOlfxb2eZdLyZ3oP
 5T5FXtWTpKvr2y7RGshmS6EJnjiVvvErdbNItFXghqvBBaFOJaS2PRBEO9RfKpti
 i+eS/cmlrm+Tjv44EPfQyLtAmCQ8uqfL50uIKEp6/dsC/OVJ6JlJOYl4j90DX7vB
 TJaOyUm4s+BLF2BK+Ow8+s+B6jQ5noa/o16NABEBAAG0IFNlcmdleSBCdWRuZXZp
 dGNoIDxzYkBuZ2lueC5jb20+iQE+BBMBAgAoBQJOROQ6AhsDBQkJZgGABgsJCAcD
 AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCmT9Wxets5qEQgB/43Mxmiy7DjXEbxIYkC
 9xPC4kf1X+bHkJ9BtAgaYDQewjtQ7vS98TKJBibm3l4egmBjFWjCpL8845n966+u
 XDqrDWJtOPUXvSEQNXGlijDGSxxpdK2dxDOKIOC8nIlZq/Xz/Uqjb2ZrszmYK2LD
 IHI1mN9HdI6aTt41QbtG0nkaPPgv3MEvxSMVCzVddroyPXvf/ErT4OSYU+dqJhH+
 SBIezuF0suzH/siCksbSBZHIst5rggpjsZvijP5YFH/hpEsR+tKXo9EFk49xn9Ou
 WdmpOEs7CKDbTApkh9XN/Pk5nJQ/HIDuW8pkgzf2wxNWlMSYw6xnozDkeIqpJcDD
 4niqiEYEEBECAAYFAk5OYocACgkQ7PDpCywXIIMKtQCfaAl2rvbEImu6MnDR32KG
 HTDH2TEAoNeWrSlavyFzbSQka53E9Gs6gF63tCBTZXJnZXkgQnVkbmV2aXRjaCA8
 c2JAd2FlbWUubmV0PokBQQQTAQIAKwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYC
 AwECHgECF4AFAk5OR38CGQEACgkQpk/VsXrbOagPmAf/QmIEDkkiovc1MgQ81lh4
 eeHfvtptb+U4GVCu07DQUR9kEtN6Jqi65gKb95fEztI14PpX+euiWrc/RlnsxWc0
 jYF0UmyacWLN6oHPoxlCK5+7zyoz5UTNrYGkTfWfcNtTU509CEZRClBNjMZOTZjP
 QhdR+Ce6tngRcQvMGNaLjJkKuY7vPh6FjT5oqxpnEIRTsWq6bUaeCXm7j9x0as1Z
 w1E5D5it3Ug3VlAe58jFJmRgatOsWznKuNoLRjQ2Chp2ce+dLgXriuJMrvEsn5S4
 dImUGL5DVYWDVZNG+r85XnOhMfKG308pZby1uzFvD+j3P6yMj1tpaCAAi5lUkHh6
 bIhGBBARAgAGBQJOTmJ/AAoJEOzw6QssFyCDH50AoMyJPvPDTYXK5KHOlPYPZQ5M
 OuCAAJ9zQ/3hKedm3xCLGl4Y6hjxJNlUTbkBDQROROL5AQgAuGIfx9aVOOXVdj8b
 XvjBQt+UkBURYGACHFQ69w71Aupsg9pZ7FgwgVKxnoNlmRag8sInjQbs3M/lS0sB
 dg75zZ7Ph7aPev8RAqdtX5+xxvujv1cmkFBExFuC5Wp/Yfzk/lPWZR4vXZrTpRiF
 PLMlRu0CEJFqoqPPygGFar02Q7rO+da35pxAuYrOWGM7MNr8H/vk13+GiqniBQCa
 uSoWwZQzaEdG5VGgm/vAwPzO+Cbam3r+Hs7OieykAy8fv+B+qhHn8Vc/520iGvdO
 IAKpxl6oZrkbNL/wozOOLZni7iWl30C43ujxPiGRlg/YotHmhlnMic85QKyakXCS
 WXI/JQARAQABiQElBBgBAgAPBQJOROL5AhsMBQkJZgGAAAoJEKZP1bF62zmoGCwH
 /2a6zlu4Jwmv21vuroaAzECV8gp1luBeagn23EgMMukYhkbwLtL/0twAHmZlkpzl
 atfq/EH2PgOasl2biJixqp7o9V7Uw6PS5JoY+1IrLEurG+FU2TN/Ysp12al4Z0Hh
 p4yBRSEikISO9gkeUThixDPX1PjCpx8G/ZYqk+8jRCcDgWsUc/WV3VGPht68oDd7
 56/hfQYc/V3eJmm5WYLVGV7Q69tGtp6D09SpoeqCD2K77auEBRVJ4jaT4B2/EfSb
 x6y7Dy4Oxm8TBOQ2EZw2vEixKxtEt86/oBtLUkqVockPq/Ek9AL+KzT6VR1xU+Cm
 CoHAyoqJeb/xLBwuKWg0/4U=
 =iFlP
 -----END PGP PUBLIC KEY BLOCK-----
--- a/2
+++ b/2
@ -0,0 +1,2 @@
 SHA512 (nginx-1.26.1.tar.gz) = dfaadde78eb5cf8c8c3a43ead9ac49fc852c8de3e70e69754e3ffafc88c50c8bc08cdac0cc0ba8a9d8c155bdb334865e2e6c7dc1144c79959c426a9e087b3e37
 SHA512 (nginx-1.26.1.tar.gz.asc) = 0d40619927d8a8f193d33b3e79868624e95a9393449e4f99e2243a580bc5577e024cadeb40cfc8932e91606f5113316cca33dfcfff1f0fa2ea6f956990b53a87
--- a/thresh.key
+++ b/thresh.key
@ -0,0 +1,147 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQGNBFrwMiUBDADo56OlDknN+ReCMP+8CN1biK5izmGd755TxktHLI9nAP8ociIq
 Hjrps22pBtAIQ6eZpwCFBys2mR/441rOgZW+O6uqBYrttbxTMvE43EmKYGuFCmuR
 u0JGMPuqnzF3Y+6uoKzqMzazSrZIBWsBKAkNYTw8+yPlxGgffhBp1ueME7Lskglh
 EV9gmrEM0QlWod7wSQvyruExPm5INx3MG63Xfvc0bPiWUOGKyMb7kXA5VgnWuzmS
 BCMm17+A32vMyxhYcvSEgUayQjGghI1uPDSqBQBMEFTgSK2wWzvAXf/M45nxKBgQ
 IEDmvoC8RM9JTtUr7RE/E1mjsuefF2vYYYsWBstRFGAlUV1/lPNNibu3NqbCug6b
 1IWJuV1DX9T9/f81GZJrsPgYYKC6Ai8C1B0NGWjos7/GzgEFENQgf5duOhFPadQz
 QbRxBoId4Fe/Uwe2HxI8ESCQMwsq8bowcCn6XRA2EYkAt17Kab6LH6tTP54XG9TL
 bV7bAhyrvZAk1lUAEQEAAbQjS29uc3RhbnRpbiBQYXZsb3YgPGsucGF2bG92QGY1
 LmNvbT6JAdcEEwEIAEECGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQQT
 yCpjtgNXYVbjCk6g6pgbZrDZZwUCYoTfvAUJEPqvFwAKCRCg6pgbZrDZZxFYDADK
 R02XgC+AoyrqMwBNXC8Y6aiilEsyppsgj+KwZcGKDYN488gEmff+/KIEdtglw3I3
 tCMbo+FzFjHveeVCb0qrIMerWJg+o4YrxxqlQ9Q1InpduKLrIuGae0J1ybITS8+v
 iYAmwzy1Wb2CDDuCnhCR/QDfOE1CvRILVqIKezC0tRrBTEvRO84m6YMBtJ1DP75Z
 2cTNyjPos9+uxi4JcMKrMUBwZKya+z5i+Uxd66wuPj9KmggNG1x+bqMWmpTrSKUn
 gbLabFUth+uWumpj3/7HBT8Ov7rPgzY/vn3Fn5mKdLQm+kRwSX9/FbtHAE3Qsm+f
 6WW8CZ4XzL9ONfhQYwO2Jrq4HzgYloZkL+1Zs61X+zeEyr4o/mzt5DHbQRsD1UzQ
 gnh7t3YdSAy6gBqevjPWkQlq9e8eoFRydN/htwjS7dleikOsYktSnTIKlRXAWGCm
 jkRpQyZYuuPcWcGRt/0MVewRJmLemH6O+NviqhgGRePO9QR0R+yfdCwewPJEDk6J
 AjMEEAEKAB0WIQTWeGzjA9mpAimY3GzIRk1UmvdcCgUCYoeH1wAKCRDIRk1Umvdc
 Cqa9EAC8Li+w/sRwiu39vNUBogWiAKj3mlfS9lEdmPWx/MSzWtik+IlI931flFWI
 GL3OWC0ZXVV9G3WXQmVUqMtW2Eachy1DOSwAh4nRn03udfeMG79DUJBvMpAKTSua
 cVr2tRCFXQcx+6hmkZaANGjalzVu8tEcWfOiT19LS1QM+PH36adQCtRD+wwLgvVq
 qVowo6yO6jdhCATakRWO9uqeQXvdhJ7n5A3/Hg4QKtbb5vbz6QTPOs1+prICBdfF
 rVEdLx9BeZGVVoWeJNzbv9ZciC+8YYo/HOTbkccJSJ+G/FeHvshYL9Saxrsl1nUX
 yNCHBdrUyxPfZMgPWD2k431uplUVCwV5MOaQR4KU8AO3lcKVs02viw4smo0mWa6O
 pnMIHQ/cWgNxB5/66ch3r7YqosBi8KWHMVBejD+tOv/Y1Ey7v0mF7nBdIclbQz8t
 6PlKN8cOggqWjczPo1BtwPxiAkI8Y4VyhOk4ncZnluY1CtM2rQipLfcVFC/z3UGh
 ZuZ9WIi31ns8Va+msHyIaQx51PB0hSmL+AkDjUuB5APO9zFE2tGV9elbmant6f5c
 k4F65i19kDcfPe397FjqgyCdIduEDDtoaSS+a6oUgffHgXMXhtP2hI9zQ6c8Bnnd
 f10HDxakJEcNEz7m8i7VZ0xb+UsOej2rSgdyTIW+an9t8NF9eIkBMwQQAQgAHRYh
 BHM4lzBp7T9EP00336ZP1bF62zmoBQJii0M3AAoJEKZP1bF62zmoEZYIAIK8SaCJ
 KT/0NtCyzmFdjX6v+H+EYjEUJCx1QPsHt35Qglco24L/X9hnPJF9P6MY3S3PDLyd
 9JsmD+mujgsShqYFME/GzSScYy5Mzm5FM0xXs9UJ51YL+frKknenN5eIr7WVjXnh
 g0fKn2ZqXlZ/MozHKjKQhhzl9SN6b8eDbi1SFHS/FC7C4Tymnrkhi2KAvpEtUyvg
 mRSCU5Hrqh6wvi1bCpZ4+vXzQG20CT2cxa1YmgJIDhBqKiWGLyEY2hMCoRKsx5CI
 UVllc83Hrpk182DDOoVVhxFpStYD/4CNCP46oSeOtjv6EPLIIug25rsjBHPHPfMf
 p64DcAoKkk6cuFWJAjMEEAEKAB0WIQRB25JxPTv0v/PukQacXn+i9Ul31AUCYoeM
 ZQAKCRCcXn+i9Ul31EVUD/kB3lxEMDKFg/lFpSBxm1nxplmOCp5Nq9F8Rs9KDsbR
 Rc4zKL+2PLkgfxh/Nk5+9zjclUjFMBzYS0vEEml7f1R6ceG1a9r7HrdkO581Mvwe
 x90qVkMMKsShqIcuLzOK0LpvTobBlQpZCBImsNaEVHnmMR3hCz5OmUsGjxNgym87
 +ovRJKCZRbbJ36w+COf/jVEkczm+7OrG5BeTTPwWjoIkqs6dajYikfZI79J7FZ2C
 pWpWeIgJA5emc3sAZWi0KTxlPZ9K4ff3iuV+Xf2PyuRC3iZlOuO66RJ/sl441ebN
 ckn1Ngu3s48PyMjgD3VG8WDh4RCqBtLpMQJc60wboq9gPMhyyd5eyTYMI90HAEg9
 pYGsw6Wk8NpUmBzbSzqSOOdN/SvAXkJmQVGKEzgvDLEsmTeddsjE6U+KUS+8Y69k
 Dc3sRIR3p5cKoPgZuK2mgbiXvF+TyVGODsyUUCygCGBNN8vsDDw4gpTuOhUm1nMP
 3jagHWz2NnMRo00x2nayjffjpMHCKSoNy+UTBKhVLffeZ8df6fCD9SAK+UavPVFW
 kMKhd+gofhrIbnca9ZL4K+CdyD1d0sxWNtoiDGi9HSnTwXhyGujv2QnNpBxCUZTD
 nvOEUSNFP/9N+tkAAGiAvk5L5ZuwHRppvnv6t6JEbM7ryRBwWHwgWHConwiFWImN
 XYkCMwQQAQoAHRYhBC6ZFqS4exJw9J8ez+sX9nTHmkCiBQJii1dOAAoJEOsX9nTH
 mkCiKu4P/0+je/GsBE69YVAwEFBrrfhEJtVUY8GSYM8WeFoq20SX8SqwltGLFB5R
 kbZGgPLe0lJrgXzL01GqjU1tnXPbtI7LEq1FKiTkcKVdne140oX1XJuxmFWBcldG
 1IetinhJt5EkaYc6nyk9iWgCz9n5YDq9Lr/9jLhFQAgawuicwAfuB13MGbJZYm/Z
 5eSdxnivXbrGAYR2TI6/kcf0JLGR03fKbrEM8uBnfZNkKZELyYrBCj4FYODT++Sx
 pDyrNr2/FlierISJrs272JT7ICg7Knjh6X7BSzsgK7JxyG2UtJKK7qJXYEqMtYhH
 U1tdh4Ru6zSd4DklgrFHwuUNlTm8f1gPQ4I46p2RCQy2HMnA9WhJ8kwE2JOAj83y
 87f9hDwjmn8Pf/iksXGRFQcfDqkOIUf2EnyBvxrzS57Dfvk6WCaH+OLKn1jMyxL8
 BekCyk7L7wrMJI4yH51jyJySScGBg1CM0fYqLFWU/I+jw9bHROdCOK2LBajkAYgx
 /eLG9WtS4etlNmpsxhSOi48wxa6kIOnD2rJGvQMALxhWJlVBEOMumv96qNCQCzHd
 6NRLBWBva4qlKM5RlZreeVyArFtTiUmnp6RST4FrMpVgmhoeyos6P6GIG6QVPS2b
 4dSRbeKmJFb15kZN8eYP4/BW7DMBzkFwtkRFDV5f/4W6CU6UIGzViQEcBBABCAAG
 BQJii68XAAoJEFIKmZOhwFL4HY0IAKejouSXBCQWJmpdsA9TV2WVdMspUZHDGRAH
 epQetm0+eX5Jh62ktuAZG+KCZ0bMdd8FJd6+RRpftUGhDibu9IFfyIK1v8jrChTU
 /EwK8cPgLn4KveTgC58UrKt4NMpqcETUCrXHVwZzYK/sGZxxKVHhmnQJtfsvg7FV
 7Ia9ohiUy1/rz9UlwLPUGmrDnSemSR9w1B3XeNN8SmTHQ5gpZt/rvsII0wMhvS7p
 TXDpK5YNAqItC+7ZDaU1T21xeZx9OGSt/T2ETXb0rjIJAhKiSShqbiRonZHrxOcg
 p0vSM1IAsgfnRihHu9YZ3Vj5ntegHh4fWdcTSZUx0n/YggArsyG0JEtvbnN0YW50
 aW4gUGF2bG92IDx0aHJlc2hAbmdpbnguY29tPokB1AQTAQgAPgIbAwULCQgHAwUV
 CgkICwUWAwIBAAIeAQIXgBYhBBPIKmO2A1dhVuMKTqDqmBtmsNlnBQJihN+8BQkQ
 +q8XAAoJEKDqmBtmsNlncQ0L/0Yk1QejO06gWwV1J2eK9LmjbMofy2ujZBgW1IGt
 /goo5R4PzC8lBBcsBtsKyN0Rsh7QdLrtKKLQrE/gpwMTMdKhJTdP/c5tUY3EwgId
 BMYVaxArZQiWlPgSnoKuKydnn6Rb+Qtrhvb9pjn5XlGd/VSbAXZe8YTj6B8qjUa2
 YY+IreyB6wkPN/ytV5vcocbS7mzXaibGPVT35e0Pl1Be+xbJkbTmJTSJCSPwyHm9
 t2Vuq4e/c3fMwhOUbBjfssspR103vo91XO5sY+v2aQJOctNrv4ZpHMrwBH7MeqDI
 SCWg9PICUv0ewHzAEGB+K0v342rVAzVNEctwM3Jic7fEJYsItdw+Zk4r8NYqACoR
 CdSUEHqhP0DbYoWdthpUwD1J5ryWyKTCpTL4wNhKEMcNaiHH3qorSssyMHMFRPoX
 Kw9Pcay+Uo8NXc2KKxhEHTbQts0jYUNcq0yuWHoNQ4vhKkf9CHBrb/vS22vfEJyd
 6FX6ZRYK56A3EFAV8hK0BvZAw4kCMwQQAQoAHRYhBNZ4bOMD2akCKZjcbMhGTVSa
 91wKBQJih4fSAAoJEMhGTVSa91wKipoQAI3wkWd8HLQ0w4IFA6W3/igrZTut9sV+
 K5Veb61zCbJn6I2aO3ldSClMWpJfvG1OPKyaA6o4QfWt7KV9of8tu68k1rTrKKYe
 qXe/0KNp9nzEwVmLASG2U6onwaCehGocvhWc9tE6MF2Gi+l+OufqsMzmx7gkdwE+
 4d/VpY/i+eZzqNi1WWNUR45mrItvw84enGW2u4JOaFdSOE2PAbSTUOlcLxfC9yCo
 lxAkCsy+CsXM8WKlIDH8GpWh/mWyqjoAhZhrlGhdABjygqFAOrDhIaecc8eSOcD3
 6MQvhj/y1kh0Fe0rMCSdxUWtSjv+Sw5g1IG6GxhsqFxunxfGDpdbaLnyTQWahDfi
 5OsOFl6JbPFiTaF9Xqz+8r0hiwusT4AJvM5M+q18f5dNCeqVKmuAn3BVBw4RdG62
 WXt4q6uE5rDI513dR8t84dTgOr9+tHKh5TJqw46aI+kMe36z7FPXBgDsGSkNtM4J
 BYdZzxSoJCfsGCjlfapkLHrvI+S7AP2952WfYy36uuxBiuTp3vCghvKkXZUeN2kh
 P++0Zo4OjZGOllhab1X5xZGO8AjWeei4pq66Ys94Veidw5VRi/eWyvB3OhfCq9fb
 qZIKUfbgTu0y7vOEWWY9wQml12gpxQfkcI72NTiNMCH268WZoXYQJp0+NZtxjsHQ
 PdhNxQOaJPqziQEzBBABCAAdFiEEcziXMGntP0Q/TTffpk/VsXrbOagFAmKLQzAA
 CgkQpk/VsXrbOairRggArvsikhDrA1d/x1BXnzOxE2sznq/d84QCKMSQpavrzXHF
 LQF/qIB+ePA4bmzwvTxQup7yTLK3mQDl0rejXEQMnXHvgfH73c6l6TdAwsoLmrpt
 oGNzfzJsbiKD2hJT9jJVnipuqqOA7hPT73TA5KM4GzPupFTadB57lDxzzcRfALXi
 t5Qa6A83tLelQXLOWP6IdyPjraa/kva5jYsMavZU0xWTx9nPeGCwqAnqdEN4Hp8K
 WKYn9EzkBOL6pPB7GyG/G20ocTCv/ZCJMkamAxjprUovu9BUEg5fCcHrSBtsgGE0
 doPfqyOb4tCofZ8aXZYIu3+BEcNO0e5la+eW0YYYPIkCMwQQAQoAHRYhBEHbknE9
 O/S/8+6RBpxef6L1SXfUBQJih4xhAAoJEJxef6L1SXfUb8AQAML5vwKOTw6Bn0tA
 1ypo6DmlJUWalGgEkFheUC02s+BT+bL/fMsiXd6dBHHl/93bVBQBL/AjVBVv7viQ
 kfQLLk7iQmEQ/mljvImGkA/W+vyHKDue6n79Ccjfx/ECQB4Y8mmFhOqhDjEC6oR6
 ny77QbqmzvjkhfncD26cJq+qRGnE7EwuQI49bR1deQGxr5apqx5XRbf+GPnXlPTc
 nKxctRsw6PLOjFoyGhBnvC/rEzBUx+wE7jK+bY1TSdW8x91LA/SseWqsmEFzbZRt
 KKaHE9wD2DB9UvdBAjXdBZvKQ35zSJRWQByODztI9ZcaOWopK3UtIhG/eNIaJGcD
 9h3SaeVE8PcUkvZqhLtQf49KlUBc8/g6Nj1wqcBbHDXjbwzt9Qoh6uFyjMkbG3NP
 BXn7cT8888fJ9Oi53XjjZEVKA88AdcqWpUZtyElNwGtj8IvJ0R9SMKR/7KIYPFWm
 R04Uok+oj0wQABHkcLmYMUd8psw6aQWG7oybfgPokRChExigLWrCJbYd00banL18
 W6RxOQzceiKeZ5sZ5Y+yjQIrKxXKSLl42s8zol05TPScnBn+SAWigG4eEEJhT2by
 2WqbhCG9snN9/YMlY8MffOFnD05ps40CSdSCsRgcmaqxgjy75h/z5LYO4HnHwPdY
 p2ysNzlruScewHvijYJhEKxo17lBiQIzBBABCgAdFiEELpkWpLh7EnD0nx7P6xf2
 dMeaQKIFAmKLV00ACgkQ6xf2dMeaQKLLQg//etbDTflbm+HbxI/YyNQhyQfk7icE
 ytLL+wT9zDW9iq3AMdaPZwT690CsJhr7yzqjk0AGoMyuPfntvcvYb1mPTObXHMzh
 Rh7+tViPixkJd3hnjSrPBEOkpAghk6xWMx1wldZ9x5XyJ0yC+toBkSaB/KIQeRG2
 8/jHtxIQKvPGL28gUjdzW+jopSA4x6gSZAgQLyfsjoUHcMrRJXrwWcmSe8faD8qX
 XD4z4hN3wQg6olSuaxLM7OoNgbiEjKaL1LaX/xzvC0lGs9o2JBfNFDrng9Y/fZ4o
 9aGqx7AZey+4wTKjXqbdEqfDiHfzHxkLBunPxSjJAploOcuvhNOQAY7tv19/mYY1
 UoILY9ninCrXthe9ZqhaXxhRhqYhzrE8svF+R01I/U+N4985AnDKRkJ944pZfeh1
 wYzEZOPXWvvTsiBLbgi9LuAzoFjA4WJsJBp4AP/U7DtsuhMTmxyBJa+zg8PHj1Ew
 jBYYuE++ulsilS+76sQawT5KbszpYmEDJiQUuEJkujPQ+hGzuuocoqHrM/IcoAoy
 i5I/JMAYRqCQfGMFjirmVj3c01jgsOYl7ZgchtCBJfG8V6rlYdTq2FTdaLYdleZC
 kS7N4jtm+6/KEsf6ukeGNEMbsxTSPHq4RL13eSitRd9Ms+ukSZFFgE0rEiztcdxQ
 h1PeaEVaxHaSSWiJARwEEAEIAAYFAmKLrxcACgkQUgqZk6HAUvihvAgAk1ETByL3
 FZtIlk8scREfwzyqyXuSYWdJ5ED61fKnpcfwGKsOkd+4MwHOSgvxPdnLhBEsMkNq
 sV82EqX7lTIGoFBLTeW8ZGAxmt/88j3z6mnm33lSTreeVwsQ+B9ZKVAv4E/liDVm
 6iq9aYJni4FUoFjFhtgsvJUNs3oX0gaEXdaCqzIDysU2m01vOPx0HTeI95+HdlJW
 Iwwh/cp+YuclHppI+b0OQKJwLQDVyudzX0JYTWvgE/NCS6/rP8fjaqtFMWwL0tZl
 3JJAoLSAuhPyc+V2LkRVoETQGF9nRil2zSyy77Stfm2fRGstnQGOrNTud06el68/
 hYfWcCqooHNiMrkBjQRa8DInAQwA2Rk7UdUgpCWl+BMz9B9eKj0XtsNEciXHHKnS
 FYaSNCWNwib/FsiMfcPFh7xwUTof7e7HBFkvv0QEMCEp7R1MVNBfMiGtG1ICFIt9
 nByznPsRk4VvbY/prK4DZy2AmlwhNcT2pQO3AascgsCWdf6G+wcwnHg9tWCp0Xs9
 BNXuppmcRrpP4M1PPRIVeG1jeVXvuSHO2HjqPSXP5DhGgSGN7uLOhiLTnPINd186
 vf6tqRdqYw3g0W1ImEjGXHeNQfnieIWdU3X4C8KTEPsV3lvtmSAQCoge0CyKfz4c
 ORi4j8Edp8JpDQlbAThe529+R3eKUw7I/3ESxJBdqzLE/ItWvAcbGEserLDFrg9J
 1ojiKhsw3TVcDk+HIDzVakMz6HTd4ExSijMqTehzgKSVHDL+l2jc0f4VSecI+xwC
 3/kNsNTBpiPoUYtXBbJllHgQAakREkSKQBas02eqRu8SlQ3yEn87zTtNW8L7xpe7
 ZVtxwUgp40PUrsb8uMDJG7ZP5rhLABEBAAGJAbwEGAEIACYCGwwWIQQTyCpjtgNX
 YVbjCk6g6pgbZrDZZwUCYoTfwQUJEPqvGgAKCRCg6pgbZrDZZ3oEDAC1J3BVwlkX
 +eoo8VsXAYxMXm8kIaTqOn/tHMOYepK+cWUdHaeCH3N8LigwN4Ve2LtzLBqN3WRA
 xFNy0DIzdBfA7QdcAoDLnB2FNrWTmwvC9nXkCogFfSCq7c+1oFHdn7M/VZNU4o0n
 hVOnqM8NLGcgzX3K3hr+WLYUgNQ9G6x0N9VU43tqVwJhvNv4pyiRpRdLlmhOEf35
 a/sWE1dttSKdrBhyzTbptw4dXr4lUpvlswWs+dLpSPPhWAuifORv/amWh3bxIxYE
 qE4o5NI/PQLJvJJLsJvMIIjpKlAGBJg5h3WCiIAkl7H+BesOUIIg8ava5ZUyjlFd
 szBMaBosZvRgFAlfnYhSGqzhip6PvXfK1YokNv7kqw43c0f1SmtSXZR43SRv/4vp
 XG7IqtTuqgSwn1qDJgr4yfs8QQykO/jG+cz7X+5OKSAulWi9OoqLyDWlsm3WccPI
 cJfbm71P+I/ha7ESVQfOxC92fQ7HQAboj7NhecJ4RLqjzrWSHmPGClI=
 =t1B0
 -----END PGP PUBLIC KEY BLOCK-----
		`@ -1,2 +0,0 @@`
			`77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz`
			`2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png`
		`@ -0,0 +1,3 @@`
							`#!/bin/sh`

							`exec /bin/systemd-ask-password "Enter TLS private key passphrase for $1 ($2) : "`
		`@ -0,0 +1,2 @@`
							`SHA512 (nginx-1.26.1.tar.gz) = dfaadde78eb5cf8c8c3a43ead9ac49fc852c8de3e70e69754e3ffafc88c50c8bc08cdac0cc0ba8a9d8c155bdb334865e2e6c7dc1144c79959c426a9e087b3e37`
							`SHA512 (nginx-1.26.1.tar.gz.asc) = 0d40619927d8a8f193d33b3e79868624e95a9393449e4f99e2243a580bc5577e024cadeb40cfc8932e91606f5113316cca33dfcfff1f0fa2ea6f956990b53a87`