Compare commits
	
		
			No commits in common. "c8-stream-1.16" and "fix-logo" have entirely different histories.
		
	
	
		
			c8-stream-
			...
			fix-logo
		
	
		
							
								
								
									
										6
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										6
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -1,2 +1,4 @@ | ||||
| SOURCES/nginx-1.16.1.tar.gz | ||||
| SOURCES/poweredby.png | ||||
| SOURCES/maxim.key | ||||
| SOURCES/mdounin.key | ||||
| SOURCES/nginx-1.20.1.tar.gz | ||||
| SOURCES/sb.key | ||||
|  | ||||
| @ -1,2 +1,4 @@ | ||||
| 77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz | ||||
| 2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png | ||||
| fe1bb3869c51a54f28e7e7a2c1d8a790a2ca7789 SOURCES/maxim.key | ||||
| 145bf87154a2689f7c09a376c11f307012a439de SOURCES/mdounin.key | ||||
| 6b4ab4eff3c617e133819f43fdfc14708e593a79 SOURCES/nginx-1.20.1.tar.gz | ||||
| baa71c22e4e2b67be2a5f4f4df25a99962488f90 SOURCES/sb.key | ||||
|  | ||||
							
								
								
									
										31
									
								
								SOURCES/0001-remove-Werror-in-upstream-build-scripts.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										31
									
								
								SOURCES/0001-remove-Werror-in-upstream-build-scripts.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,31 @@ | ||||
| From 00cab63102084b89de0a3494a1d023c4b1d4982b Mon Sep 17 00:00:00 2001 | ||||
| From: Felix Kaechele <felix@kaechele.ca> | ||||
| Date: Sun, 7 Jun 2020 12:14:02 -0400 | ||||
| Subject: [PATCH 1/2] remove Werror in upstream build scripts | ||||
| 
 | ||||
| removes -Werror in upstream build scripts.  -Werror conflicts with | ||||
| -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
 | ||||
| 
 | ||||
| Signed-off-by: Felix Kaechele <felix@kaechele.ca> | ||||
| ---
 | ||||
|  auto/cc/gcc | 4 +++- | ||||
|  1 file changed, 3 insertions(+), 1 deletion(-) | ||||
| 
 | ||||
| diff --git a/auto/cc/gcc b/auto/cc/gcc
 | ||||
| index a5c5c18..cdbbadb 100644
 | ||||
| --- a/auto/cc/gcc
 | ||||
| +++ b/auto/cc/gcc
 | ||||
| @@ -166,7 +166,9 @@ esac
 | ||||
|   | ||||
|   | ||||
|  # stop on warning | ||||
| -CFLAGS="$CFLAGS -Werror"
 | ||||
| +# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
 | ||||
| +# to not compile.
 | ||||
| +#CFLAGS="$CFLAGS -Werror"
 | ||||
|   | ||||
|  # debug | ||||
|  CFLAGS="$CFLAGS -g" | ||||
| -- 
 | ||||
| 2.31.1 | ||||
| 
 | ||||
							
								
								
									
										108
									
								
								SOURCES/0002-fix-PIDFile-handling.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										108
									
								
								SOURCES/0002-fix-PIDFile-handling.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,108 @@ | ||||
| From 62470498cca9a209aa9904668c1949f5229123af Mon Sep 17 00:00:00 2001 | ||||
| From: Felix Kaechele <felix@kaechele.ca> | ||||
| Date: Tue, 20 Apr 2021 21:28:18 -0400 | ||||
| Subject: [PATCH 2/2] fix PIDFile handling | ||||
| 
 | ||||
| Corresponding RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1869026 | ||||
| 
 | ||||
| Rejected upstream: https://trac.nginx.org/nginx/ticket/1897 | ||||
| 
 | ||||
| Taken from: https://git.launchpad.net/ubuntu/+source/nginx/tree/debian/patches/nginx-fix-pidfile.patch | ||||
| 
 | ||||
| From original patch: | ||||
| Author: Tj <ubuntu@iam.tj> | ||||
| Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864 | ||||
| Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876365 | ||||
| iLast-Update: 2020-06-24 | ||||
| 
 | ||||
| Signed-off-by: Felix Kaechele <felix@kaechele.ca> | ||||
| ---
 | ||||
|  src/core/nginx.c         | 24 +++++++++++++++++++++--- | ||||
|  src/os/unix/ngx_daemon.c |  8 ++++++-- | ||||
|  2 files changed, 27 insertions(+), 5 deletions(-) | ||||
| 
 | ||||
| diff --git a/src/core/nginx.c b/src/core/nginx.c
 | ||||
| index 48a20e9..32c0afe 100644
 | ||||
| --- a/src/core/nginx.c
 | ||||
| +++ b/src/core/nginx.c
 | ||||
| @@ -339,14 +339,21 @@ main(int argc, char *const *argv)
 | ||||
|          ngx_process = NGX_PROCESS_MASTER; | ||||
|      } | ||||
|   | ||||
| +    /* tell-tale to detect if this is parent or child process */
 | ||||
| +    ngx_int_t child_pid = NGX_BUSY;
 | ||||
| +
 | ||||
|  #if !(NGX_WIN32) | ||||
|   | ||||
|      if (ngx_init_signals(cycle->log) != NGX_OK) { | ||||
|          return 1; | ||||
|      } | ||||
|   | ||||
| +    /* tell-tale that this code has been executed */
 | ||||
| +    child_pid--;
 | ||||
| +
 | ||||
|      if (!ngx_inherited && ccf->daemon) { | ||||
| -        if (ngx_daemon(cycle->log) != NGX_OK) {
 | ||||
| +        child_pid = ngx_daemon(cycle->log);
 | ||||
| +        if (child_pid == NGX_ERROR) {
 | ||||
|              return 1; | ||||
|          } | ||||
|   | ||||
| @@ -359,8 +366,19 @@ main(int argc, char *const *argv)
 | ||||
|   | ||||
|  #endif | ||||
|   | ||||
| -    if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
 | ||||
| -        return 1;
 | ||||
| +    /* If ngx_daemon() returned the child's PID in the parent process
 | ||||
| +     * after the fork() set ngx_pid to the child_pid, which gets
 | ||||
| +     * written to the PID file, then exit.
 | ||||
| +     * For NGX_WIN32 always write the PID file
 | ||||
| +     * For others, only write it from the parent process */
 | ||||
| +    if (child_pid < NGX_OK || child_pid > NGX_OK) {
 | ||||
| +	ngx_pid = child_pid > NGX_OK ? child_pid : ngx_pid;
 | ||||
| +        if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
 | ||||
| +            return 1;
 | ||||
| +	}
 | ||||
| +    }
 | ||||
| +    if (child_pid > NGX_OK) {
 | ||||
| +        exit(0);
 | ||||
|      } | ||||
|   | ||||
|      if (ngx_log_redirect_stderr(cycle) != NGX_OK) { | ||||
| diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c
 | ||||
| index 385c49b..3719854 100644
 | ||||
| --- a/src/os/unix/ngx_daemon.c
 | ||||
| +++ b/src/os/unix/ngx_daemon.c
 | ||||
| @@ -7,14 +7,17 @@
 | ||||
|   | ||||
|  #include <ngx_config.h> | ||||
|  #include <ngx_core.h> | ||||
| +#include <unistd.h>
 | ||||
|   | ||||
|   | ||||
|  ngx_int_t | ||||
|  ngx_daemon(ngx_log_t *log) | ||||
|  { | ||||
|      int  fd; | ||||
| +    /* retain the return value for passing back to caller */
 | ||||
| +    pid_t pid_child = fork();
 | ||||
|   | ||||
| -    switch (fork()) {
 | ||||
| +    switch (pid_child) {
 | ||||
|      case -1: | ||||
|          ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed"); | ||||
|          return NGX_ERROR; | ||||
| @@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log)
 | ||||
|          break; | ||||
|   | ||||
|      default: | ||||
| -        exit(0);
 | ||||
| +        /* let caller do the exit() */
 | ||||
| +        return pid_child;
 | ||||
|      } | ||||
|   | ||||
|      ngx_parent = ngx_pid; | ||||
| -- 
 | ||||
| 2.31.1 | ||||
| 
 | ||||
							
								
								
									
										88
									
								
								SOURCES/0003-Support-loading-cert-hardware-token-PKC.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										88
									
								
								SOURCES/0003-Support-loading-cert-hardware-token-PKC.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,88 @@ | ||||
| From 4e5f12d6584536ead82d20554d8f3f2ab0107b0b Mon Sep 17 00:00:00 2001 | ||||
| From: Lubos Uhliarik <luhliari@redhat.com> | ||||
| Date: Fri, 30 Apr 2021 13:07:45 +0000 | ||||
| Subject: [PATCH 3/3] Support loading certificates from hardware token (PKCS#11) | ||||
| 
 | ||||
| ---
 | ||||
|  src/event/ngx_event_openssl.c | 65 +++++++++++++++++++++++++++++++++++ | ||||
|  1 file changed, 65 insertions(+) | ||||
| 
 | ||||
| diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
 | ||||
| index d762d6b..270b200 100644
 | ||||
| --- a/src/event/ngx_event_openssl.c
 | ||||
| +++ b/src/event/ngx_event_openssl.c
 | ||||
| @@ -617,6 +617,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
 | ||||
|      X509    *x509, *temp; | ||||
|      u_long   n; | ||||
|   | ||||
| +    if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
 | ||||
| +
 | ||||
| +#ifndef OPENSSL_NO_ENGINE
 | ||||
| +
 | ||||
| +        u_char  *p, *last;
 | ||||
| +        ENGINE  *engine;
 | ||||
| +
 | ||||
| +        p = cert->data + sizeof("engine:") - 1;
 | ||||
| +        last = (u_char *) ngx_strchr(p, ':');
 | ||||
| +
 | ||||
| +        if (last == NULL) {
 | ||||
| +            *err = "invalid syntax";
 | ||||
| +            return NULL;
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        *last = '\0';
 | ||||
| +
 | ||||
| +        engine = ENGINE_by_id((char *) p);
 | ||||
| +
 | ||||
| +        if (engine == NULL) {
 | ||||
| +            *err = "ENGINE_by_id() failed";
 | ||||
| +            return NULL;
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        if (!ENGINE_init(engine)) {
 | ||||
| +            *err = "ENGINE_init() failed";
 | ||||
| +            ENGINE_free(engine);
 | ||||
| +            return NULL;
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        *last++ = ':';
 | ||||
| +
 | ||||
| +        struct {
 | ||||
| +            const char *cert_id;
 | ||||
| +            X509 *cert;
 | ||||
| +        } params = { (char *) last, NULL };
 | ||||
| +
 | ||||
| +        if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, ¶ms, NULL, 1)) {
 | ||||
| +            *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
 | ||||
| +            ENGINE_free(engine);
 | ||||
| +            return NULL;
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        ENGINE_finish(engine);
 | ||||
| +        ENGINE_free(engine);
 | ||||
| +
 | ||||
| +        /* set chain to null */
 | ||||
| +
 | ||||
| +        *chain = sk_X509_new_null();
 | ||||
| +        if (*chain == NULL) {
 | ||||
| +           *err = "sk_X509_new_null() failed";
 | ||||
| +           X509_free(params.cert);
 | ||||
| +           return NULL;
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        return params.cert;
 | ||||
| +
 | ||||
| +#else
 | ||||
| +
 | ||||
| +        *err = "loading \"engine:...\" certificate is not supported";
 | ||||
| +        return NULL;
 | ||||
| +
 | ||||
| +#endif
 | ||||
| +    }
 | ||||
| +
 | ||||
|      if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) { | ||||
|   | ||||
|          bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1, | ||||
| -- 
 | ||||
| 2.26.3 | ||||
| 
 | ||||
| @ -1,3 +1,13 @@ | ||||
| From 80c0ee172cceaef933ff5a451ec2a16213e03996 Mon Sep 17 00:00:00 2001 | ||||
| From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com> | ||||
| Date: Wed, 22 Sep 2021 15:55:39 +0200 | ||||
| Subject: [PATCH] Set proper compiler optimalization level (O2) for perl | ||||
|  module. | ||||
| 
 | ||||
| ---
 | ||||
|  src/http/modules/perl/Makefile.PL | 2 +- | ||||
|  1 file changed, 1 insertion(+), 1 deletion(-) | ||||
| 
 | ||||
| diff --git a/src/http/modules/perl/Makefile.PL b/src/http/modules/perl/Makefile.PL
 | ||||
| index 7edadcb..2ebb7c4 100644
 | ||||
| --- a/src/http/modules/perl/Makefile.PL
 | ||||
| @ -11,3 +21,6 @@ index 7edadcb..2ebb7c4 100644 | ||||
|   | ||||
|      LDDLFLAGS         => "$ENV{NGX_PM_LDFLAGS}", | ||||
|   | ||||
| -- 
 | ||||
| 2.31.1 | ||||
| 
 | ||||
| @ -1,8 +1,17 @@ | ||||
| From a769a35a6197c76390e1dd8f5054d426fbbbda05 Mon Sep 17 00:00:00 2001 | ||||
| From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com> | ||||
| Date: Wed, 22 Sep 2021 16:12:58 +0200 | ||||
| Subject: [PATCH] Init openssl engine properly | ||||
| 
 | ||||
| ---
 | ||||
|  src/event/ngx_event_openssl.c | 8 ++++++++ | ||||
|  1 file changed, 8 insertions(+) | ||||
| 
 | ||||
| diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
 | ||||
| index 7be4fb4..ab3865a 100644
 | ||||
| index 270b200..f813458 100644
 | ||||
| --- a/src/event/ngx_event_openssl.c
 | ||||
| +++ b/src/event/ngx_event_openssl.c
 | ||||
| @@ -727,16 +727,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
 | ||||
| @@ -798,16 +798,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
 | ||||
|              return NULL; | ||||
|          } | ||||
|   | ||||
| @ -27,3 +36,6 @@ index 7be4fb4..ab3865a 100644 | ||||
|          ENGINE_free(engine); | ||||
|   | ||||
|          return pkey; | ||||
| -- 
 | ||||
| 2.31.1 | ||||
| 
 | ||||
							
								
								
									
										96
									
								
								SOURCES/0006-Fix-ALPACA-security-issue.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										96
									
								
								SOURCES/0006-Fix-ALPACA-security-issue.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,96 @@ | ||||
| From ee8ea4f1c88a0393206769cd30a545dc3375f868 Mon Sep 17 00:00:00 2001 | ||||
| From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com> | ||||
| Date: Wed, 2 Feb 2022 20:14:55 +0100 | ||||
| Subject: [PATCH] Fix ALPACA security issue | ||||
| 
 | ||||
| ---
 | ||||
|  src/mail/ngx_mail.h             |  3 +++ | ||||
|  src/mail/ngx_mail_core_module.c | 10 ++++++++++ | ||||
|  src/mail/ngx_mail_handler.c     | 15 ++++++++++++++- | ||||
|  3 files changed, 27 insertions(+), 1 deletion(-) | ||||
| 
 | ||||
| diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
 | ||||
| index b865a3b..76cae37 100644
 | ||||
| --- a/src/mail/ngx_mail.h
 | ||||
| +++ b/src/mail/ngx_mail.h
 | ||||
| @@ -115,6 +115,8 @@ typedef struct {
 | ||||
|      ngx_msec_t              timeout; | ||||
|      ngx_msec_t              resolver_timeout; | ||||
|   | ||||
| +    ngx_uint_t              max_errors;
 | ||||
| +
 | ||||
|      ngx_str_t               server_name; | ||||
|   | ||||
|      u_char                 *file_name; | ||||
| @@ -231,6 +233,7 @@ typedef struct {
 | ||||
|      ngx_uint_t              command; | ||||
|      ngx_array_t             args; | ||||
|   | ||||
| +    ngx_uint_t              errors;
 | ||||
|      ngx_uint_t              login_attempt; | ||||
|   | ||||
|      /* used to parse POP3/IMAP/SMTP command */ | ||||
| diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c
 | ||||
| index 4083124..115671c 100644
 | ||||
| --- a/src/mail/ngx_mail_core_module.c
 | ||||
| +++ b/src/mail/ngx_mail_core_module.c
 | ||||
| @@ -85,6 +85,13 @@ static ngx_command_t  ngx_mail_core_commands[] = {
 | ||||
|        offsetof(ngx_mail_core_srv_conf_t, resolver_timeout), | ||||
|        NULL }, | ||||
|   | ||||
| +    { ngx_string("max_errors"),
 | ||||
| +      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
 | ||||
| +      ngx_conf_set_num_slot,
 | ||||
| +      NGX_MAIL_SRV_CONF_OFFSET,
 | ||||
| +      offsetof(ngx_mail_core_srv_conf_t, max_errors),
 | ||||
| +      NULL },
 | ||||
| +
 | ||||
|        ngx_null_command | ||||
|  }; | ||||
|   | ||||
| @@ -163,6 +170,8 @@ ngx_mail_core_create_srv_conf(ngx_conf_t *cf)
 | ||||
|      cscf->timeout = NGX_CONF_UNSET_MSEC; | ||||
|      cscf->resolver_timeout = NGX_CONF_UNSET_MSEC; | ||||
|   | ||||
| +    cscf->max_errors = NGX_CONF_UNSET_UINT;
 | ||||
| +
 | ||||
|      cscf->resolver = NGX_CONF_UNSET_PTR; | ||||
|   | ||||
|      cscf->file_name = cf->conf_file->file.name.data; | ||||
| @@ -182,6 +191,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 | ||||
|      ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout, | ||||
|                                30000); | ||||
|   | ||||
| +    ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5);
 | ||||
|   | ||||
|      ngx_conf_merge_str_value(conf->server_name, prev->server_name, ""); | ||||
|   | ||||
| diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
 | ||||
| index 0aaa0e7..71b8151 100644
 | ||||
| --- a/src/mail/ngx_mail_handler.c
 | ||||
| +++ b/src/mail/ngx_mail_handler.c
 | ||||
| @@ -871,7 +871,20 @@ ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
 | ||||
|          return NGX_MAIL_PARSE_INVALID_COMMAND; | ||||
|      } | ||||
|   | ||||
| -    if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
 | ||||
| +    if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
 | ||||
| +
 | ||||
| +        s->errors++;
 | ||||
| +
 | ||||
| +        if (s->errors >= cscf->max_errors) {
 | ||||
| +            ngx_log_error(NGX_LOG_INFO, c->log, 0,
 | ||||
| +                          "client sent too many invalid commands");
 | ||||
| +            s->quit = 1;
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        return rc;
 | ||||
| +    }
 | ||||
| +
 | ||||
| +    if (rc == NGX_IMAP_NEXT) {
 | ||||
|          return rc; | ||||
|      } | ||||
|   | ||||
| -- 
 | ||||
| 2.31.1 | ||||
| 
 | ||||
| @ -1,8 +1,21 @@ | ||||
| From cc7b92c61a2833ff9dc2b4dfba4591966769da78 Mon Sep 17 00:00:00 2001 | ||||
| From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com> | ||||
| Date: Tue, 21 Jun 2022 13:55:04 +0200 | ||||
| Subject: [PATCH] Enable TLSv1.3 by default in nginx | ||||
| 
 | ||||
| ---
 | ||||
|  src/event/ngx_event_openssl.c          | 77 ++++++++++++++------------ | ||||
|  src/event/ngx_event_openssl.h          |  1 + | ||||
|  src/http/modules/ngx_http_ssl_module.c |  3 +- | ||||
|  src/mail/ngx_mail_ssl_module.c         |  3 +- | ||||
|  src/stream/ngx_stream_ssl_module.c     |  3 +- | ||||
|  5 files changed, 46 insertions(+), 41 deletions(-) | ||||
| 
 | ||||
| diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
 | ||||
| index 345914f..d23967f 100644
 | ||||
| index f813458..2e6a6c0 100644
 | ||||
| --- a/src/event/ngx_event_openssl.c
 | ||||
| +++ b/src/event/ngx_event_openssl.c
 | ||||
| @@ -252,6 +252,8 @@ ngx_ssl_init(ngx_log_t *log)
 | ||||
| @@ -258,6 +258,8 @@ ngx_ssl_init(ngx_log_t *log)
 | ||||
|  ngx_int_t | ||||
|  ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) | ||||
|  { | ||||
| @ -11,7 +24,7 @@ index 345914f..d23967f 100644 | ||||
|      ssl->ctx = SSL_CTX_new(SSLv23_method()); | ||||
|   | ||||
|      if (ssl->ctx == NULL) { | ||||
| @@ -316,49 +318,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
 | ||||
| @@ -322,49 +324,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
 | ||||
|   | ||||
|      SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE); | ||||
|   | ||||
| @ -77,7 +90,7 @@ index 345914f..d23967f 100644 | ||||
| +
 | ||||
| +        /* Now, we have to scan for minimal protocol version,
 | ||||
| +         *without allowing holes between min and max*/
 | ||||
| +#if SSL_OP_NO_TLSv1_3
 | ||||
| +#ifdef SSL_OP_NO_TLSv1_3
 | ||||
| +        if ((prot == TLS1_3_VERSION) && (protocols & NGX_SSL_TLSv1_2)) {
 | ||||
| +            prot = TLS1_2_VERSION;
 | ||||
| +        }
 | ||||
| @ -102,10 +115,10 @@ index 345914f..d23967f 100644 | ||||
|  #ifdef SSL_OP_NO_COMPRESSION | ||||
|      SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); | ||||
| diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
 | ||||
| index 61da0c5..fa7ac41 100644
 | ||||
| index 329760d..5cee113 100644
 | ||||
| --- a/src/event/ngx_event_openssl.h
 | ||||
| +++ b/src/event/ngx_event_openssl.h
 | ||||
| @@ -145,6 +145,7 @@ typedef struct {
 | ||||
| @@ -152,6 +152,7 @@ typedef struct {
 | ||||
|  #endif | ||||
|   | ||||
|   | ||||
| @ -114,11 +127,11 @@ index 61da0c5..fa7ac41 100644 | ||||
|  #define NGX_SSL_SSLv3    0x0004 | ||||
|  #define NGX_SSL_TLSv1    0x0008 | ||||
| diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
 | ||||
| index b3f8f47..8340a12 100644
 | ||||
| index a47d696..94f30db 100644
 | ||||
| --- a/src/http/modules/ngx_http_ssl_module.c
 | ||||
| +++ b/src/http/modules/ngx_http_ssl_module.c
 | ||||
| @@ -613,8 +613,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 | ||||
|      ngx_conf_merge_value(conf->early_data, prev->early_data, 0); | ||||
| @@ -671,8 +671,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 | ||||
|      ngx_conf_merge_value(conf->reject_handshake, prev->reject_handshake, 0); | ||||
|   | ||||
|      ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | ||||
| -                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
 | ||||
| @ -128,10 +141,10 @@ index b3f8f47..8340a12 100644 | ||||
|      ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size, | ||||
|                           NGX_SSL_BUFSIZE); | ||||
| diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
 | ||||
| index 5544f75..3316a4b 100644
 | ||||
| index 7eae83e..8328560 100644
 | ||||
| --- a/src/mail/ngx_mail_ssl_module.c
 | ||||
| +++ b/src/mail/ngx_mail_ssl_module.c
 | ||||
| @@ -291,8 +291,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 | ||||
| @@ -306,8 +306,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 | ||||
|                           prev->prefer_server_ciphers, 0); | ||||
|   | ||||
|      ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | ||||
| @ -142,10 +155,10 @@ index 5544f75..3316a4b 100644 | ||||
|      ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); | ||||
|      ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | ||||
| diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
 | ||||
| index ec9524e..37af046 100644
 | ||||
| index d8c0471..cef590d 100644
 | ||||
| --- a/src/stream/ngx_stream_ssl_module.c
 | ||||
| +++ b/src/stream/ngx_stream_ssl_module.c
 | ||||
| @@ -625,8 +625,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 | ||||
| @@ -641,8 +641,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 | ||||
|                           prev->prefer_server_ciphers, 0); | ||||
|   | ||||
|      ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | ||||
| @ -155,3 +168,6 @@ index ec9524e..37af046 100644 | ||||
|   | ||||
|      ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); | ||||
|      ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | ||||
| -- 
 | ||||
| 2.31.1 | ||||
| 
 | ||||
| @ -7,7 +7,7 @@ | ||||
|         <style type="text/css"> | ||||
|             /*<![CDATA[*/ | ||||
|             body { | ||||
|                 background-color: #fff; | ||||
|                 background-color: #FAF5F5; | ||||
|                 color: #000; | ||||
|                 font-size: 0.9em; | ||||
|                 font-family: sans-serif,helvetica; | ||||
| @ -15,19 +15,19 @@ | ||||
|                 padding: 0; | ||||
|             } | ||||
|             :link { | ||||
|                 color: #c00; | ||||
|                 color: #0B2335; | ||||
|             } | ||||
|             :visited { | ||||
|                 color: #c00; | ||||
|                 color: #0B2335; | ||||
|             } | ||||
|             a:hover { | ||||
|                 color: #f50; | ||||
|                 color: #0069DA; | ||||
|             } | ||||
|             h1 { | ||||
|                 text-align: center; | ||||
|                 margin: 0; | ||||
|                 padding: 0.6em 2em 0.4em; | ||||
|                 background-color: #900; | ||||
|                 background-color: #0B2335; | ||||
|                 color: #fff; | ||||
|                 font-weight: normal; | ||||
|                 font-size: 1.75em; | ||||
| @ -39,7 +39,7 @@ | ||||
|             } | ||||
|             h2 { | ||||
|                 text-align: center; | ||||
|                 background-color: #900; | ||||
|                 background-color: #0B2335; | ||||
|                 font-size: 1.1em; | ||||
|                 font-weight: bold; | ||||
|                 color: #fff; | ||||
| @ -64,7 +64,7 @@ | ||||
|             } | ||||
| 
 | ||||
|             img { | ||||
|                 border: 2px solid #fff; | ||||
|                 border: 2px solid #FAF5F5; | ||||
|                 padding: 2px; | ||||
|                 margin: 2px; | ||||
|             } | ||||
| @ -92,7 +92,7 @@ | ||||
|                     <p>Something has triggered missing webpage on your | ||||
|                     website. This is the default 404 error page for | ||||
|                     <strong>nginx</strong> that is distributed with | ||||
|                     Red Hat Enterprise Linux.  It is located | ||||
|                     AlmaLinux.  It is located | ||||
|                     <tt>/usr/share/nginx/html/404.html</tt></p> | ||||
| 
 | ||||
|                     <p>You should customize this error page for your own | ||||
| @ -100,7 +100,7 @@ | ||||
|                     the <strong>nginx</strong> configuration file | ||||
|                     <tt>/etc/nginx/nginx.conf</tt>.</p> | ||||
| 
 | ||||
|                     <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p> | ||||
|                     <p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p> | ||||
| 
 | ||||
|                 </div> | ||||
|             </div> | ||||
| @ -110,10 +110,10 @@ | ||||
|                     src="nginx-logo.png" | ||||
|                     alt="[ Powered by nginx ]" | ||||
|                     width="121" height="32" /></a> | ||||
|                 <a href="http://www.redhat.com/"><img | ||||
|                     src="poweredby.png" | ||||
|                     alt="[ Powered by Red Hat Enterprise Linux ]" | ||||
|                     width="88" height="31" /></a> | ||||
|                 <a href="http://www.almalinux.org/"><img | ||||
|                     src="/icons/poweredby.png" | ||||
|                     alt="[ Powered by AlmaLinux ]" | ||||
|                     width="124" height="32" /></a> | ||||
|             </div> | ||||
|         </div> | ||||
|     </body> | ||||
|  | ||||
| @ -7,7 +7,7 @@ | ||||
|         <style type="text/css"> | ||||
|             /*<![CDATA[*/ | ||||
|             body { | ||||
|                 background-color: #fff; | ||||
|                 background-color: #FAF5F5; | ||||
|                 color: #000; | ||||
|                 font-size: 0.9em; | ||||
|                 font-family: sans-serif,helvetica; | ||||
| @ -15,19 +15,19 @@ | ||||
|                 padding: 0; | ||||
|             } | ||||
|             :link { | ||||
|                 color: #c00; | ||||
|                 color: #0B2335; | ||||
|             } | ||||
|             :visited { | ||||
|                 color: #c00; | ||||
|                 color: #0B2335; | ||||
|             } | ||||
|             a:hover { | ||||
|                 color: #f50; | ||||
|                 color: #0069DA; | ||||
|             } | ||||
|             h1 { | ||||
|                 text-align: center; | ||||
|                 margin: 0; | ||||
|                 padding: 0.6em 2em 0.4em; | ||||
|                 background-color: #900; | ||||
|                 background-color: #0B2335; | ||||
|                 color: #fff; | ||||
|                 font-weight: normal; | ||||
|                 font-size: 1.75em; | ||||
| @ -39,7 +39,7 @@ | ||||
|             } | ||||
|             h2 { | ||||
|                 text-align: center; | ||||
|                 background-color: #900; | ||||
|                 background-color: #0B2335; | ||||
|                 font-size: 1.1em; | ||||
|                 font-weight: bold; | ||||
|                 color: #fff; | ||||
| @ -64,7 +64,7 @@ | ||||
|             } | ||||
| 
 | ||||
|             img { | ||||
|                 border: 2px solid #fff; | ||||
|                 border: 2px solid #FAF5F5; | ||||
|                 padding: 2px; | ||||
|                 margin: 2px; | ||||
|             } | ||||
| @ -92,7 +92,7 @@ | ||||
|                     <p>Something has triggered missing webpage on your | ||||
|                     website. This is the default error page for | ||||
|                     <strong>nginx</strong> that is distributed with | ||||
|                     Red Hat Enterprise Linux.  It is located | ||||
|                     AlmaLinux.  It is located | ||||
|                     <tt>/usr/share/nginx/html/50x.html</tt></p> | ||||
| 
 | ||||
|                     <p>You should customize this error page for your own | ||||
| @ -100,7 +100,7 @@ | ||||
|                     the <strong>nginx</strong> configuration file | ||||
|                     <tt>/etc/nginx/nginx.conf</tt>.</p> | ||||
| 
 | ||||
|                     <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p> | ||||
|                     <p>For information on AlmaLinux, please visit the <a href="http://www.almalinux.org/">AlmaLinux website</a>.</p> | ||||
| 
 | ||||
|                 </div> | ||||
|             </div> | ||||
| @ -110,10 +110,10 @@ | ||||
|                     src="nginx-logo.png" | ||||
|                     alt="[ Powered by nginx ]" | ||||
|                     width="121" height="32" /></a> | ||||
|                 <a href="http://www.redhat.com/"><img | ||||
|                     src="poweredby.png" | ||||
|                     alt="[ Powered by Red Hat Enterprise Linux ]" | ||||
|                     width="88" height="31" /></a> | ||||
|                 <a href="http://www.almalinux.org/"><img | ||||
|                     src="/icons/poweredby.png" | ||||
|                     alt="[ Powered by AlmaLinux ]" | ||||
|                     width="124" height="32" /></a> | ||||
|             </div> | ||||
|         </div> | ||||
|     </body> | ||||
|  | ||||
| @ -1,117 +0,0 @@ | ||||
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> | ||||
| 
 | ||||
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> | ||||
|     <head> | ||||
|         <title>Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux</title> | ||||
|         <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> | ||||
|         <style type="text/css"> | ||||
|             /*<![CDATA[*/ | ||||
|             body { | ||||
|                 background-color: #fff; | ||||
|                 color: #000; | ||||
|                 font-size: 0.9em; | ||||
|                 font-family: sans-serif,helvetica; | ||||
|                 margin: 0; | ||||
|                 padding: 0; | ||||
|             } | ||||
|             :link { | ||||
|                 color: #c00; | ||||
|             } | ||||
|             :visited { | ||||
|                 color: #c00; | ||||
|             } | ||||
|             a:hover { | ||||
|                 color: #f50; | ||||
|             } | ||||
|             h1 { | ||||
|                 text-align: center; | ||||
|                 margin: 0; | ||||
|                 padding: 0.6em 2em 0.4em; | ||||
|                 background-color: #900; | ||||
|                 color: #fff; | ||||
|                 font-weight: normal; | ||||
|                 font-size: 1.75em; | ||||
|                 border-bottom: 2px solid #000; | ||||
|             } | ||||
|             h1 strong { | ||||
|                 font-weight: bold; | ||||
|                 font-size: 1.5em; | ||||
|             } | ||||
|             h2 { | ||||
|                 text-align: center; | ||||
|                 background-color: #900; | ||||
|                 font-size: 1.1em; | ||||
|                 font-weight: bold; | ||||
|                 color: #fff; | ||||
|                 margin: 0; | ||||
|                 padding: 0.5em; | ||||
|                 border-bottom: 2px solid #000; | ||||
|             } | ||||
|             hr { | ||||
|                 display: none; | ||||
|             } | ||||
|             .content { | ||||
|                 padding: 1em 5em; | ||||
|             } | ||||
|             .alert { | ||||
|                 border: 2px solid #000; | ||||
|             } | ||||
| 
 | ||||
|             img { | ||||
|                 border: 2px solid #fff; | ||||
|                 padding: 2px; | ||||
|                 margin: 2px; | ||||
|             } | ||||
|             a:hover img { | ||||
|                 border: 2px solid #294172; | ||||
|             } | ||||
|             .logos { | ||||
|                 margin: 1em; | ||||
|                 text-align: center; | ||||
|             } | ||||
|             /*]]>*/ | ||||
|         </style> | ||||
|     </head> | ||||
| 
 | ||||
|     <body> | ||||
|         <h1>Welcome to <strong>nginx</strong> on Red Hat Enterprise Linux!</h1> | ||||
| 
 | ||||
|         <div class="content"> | ||||
|             <p>This page is used to test the proper operation of the | ||||
|             <strong>nginx</strong> HTTP server after it has been | ||||
|             installed. If you can read this page, it means that the | ||||
|             web server installed at this site is working | ||||
|             properly.</p> | ||||
| 
 | ||||
|             <div class="alert"> | ||||
|                 <h2>Website Administrator</h2> | ||||
|                 <div class="content"> | ||||
|                     <p>This is the default <tt>index.html</tt> page that | ||||
|                     is distributed with <strong>nginx</strong> on | ||||
|                     Red Hat Enterprise Linux.  It is located in | ||||
|                     <tt>/usr/share/nginx/html</tt>.</p> | ||||
| 
 | ||||
|                     <p>You should now put your content in a location of | ||||
|                     your choice and edit the <tt>root</tt> configuration | ||||
|                     directive in the <strong>nginx</strong> | ||||
|                     configuration file | ||||
|                     <tt>/etc/nginx/nginx.conf</tt>.</p> | ||||
| 
 | ||||
|                     <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p> | ||||
| 
 | ||||
|                 </div> | ||||
|             </div> | ||||
| 
 | ||||
|             <div class="logos"> | ||||
|                 <a href="http://nginx.net/"><img | ||||
|                     src="nginx-logo.png"  | ||||
|                     alt="[ Powered by nginx ]" | ||||
|                     width="121" height="32" /></a> | ||||
|                 <a href="http://www.redhat.com/"><img | ||||
|                     src="poweredby.png" | ||||
|                     alt="[ Powered by Red Hat Enterprise Linux ]" | ||||
|                     width="88" height="31" /></a> | ||||
|             </div> | ||||
|         </div> | ||||
|     </body> | ||||
| </html> | ||||
							
								
								
									
										20
									
								
								SOURCES/macros.nginxmods.in
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								SOURCES/macros.nginxmods.in
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,20 @@ | ||||
| %_nginx_abiversion @@NGINX_ABIVERSION@@ | ||||
| %_nginx_srcdir @@NGINX_SRCDIR@@ | ||||
| %_nginx_buildsrcdir nginx-src | ||||
| %_nginx_modsrcdir .. | ||||
| %_nginx_modbuilddir ../%{_vpath_builddir} | ||||
| %nginx_moddir @@NGINX_MODDIR@@ | ||||
| %nginx_modconfdir @@NGINX_MODCONFDIR@@ | ||||
| 
 | ||||
| %nginx_modrequires Requires: nginx(abi) = %{_nginx_abiversion} | ||||
| 
 | ||||
| %nginx_modconfigure(:-:) \\\ | ||||
|   %undefine _strict_symbol_defs_build \ | ||||
|   cp -a "%{_nginx_srcdir}" "%{_nginx_buildsrcdir}" \ | ||||
|   cd "%{_nginx_buildsrcdir}" \ | ||||
|   nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" \ | ||||
|   ./configure --with-compat --with-cc-opt="%{optflags} $(pcre-config --cflags)" --with-ld-opt="$nginx_ldopts" \\\ | ||||
|               --add-dynamic-module=$(realpath %{_nginx_modsrcdir}) --builddir=$(realpath %{_nginx_modbuilddir}) %{**} \ | ||||
|   cd - | ||||
| 
 | ||||
| %nginx_modbuild %{__make} -C "%{_nginx_buildsrcdir}" %{_make_output_sync} %{?_smp_mflags} %{_make_verbose} modules | ||||
| @ -1,13 +0,0 @@ | ||||
| diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
 | ||||
| index aee7a58..bcceecb 100644
 | ||||
| --- a/src/core/ngx_cycle.c
 | ||||
| +++ b/src/core/ngx_cycle.c
 | ||||
| @@ -1108,7 +1108,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user)
 | ||||
|          } | ||||
|   | ||||
|          fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND, | ||||
| -                           NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS);
 | ||||
| +                           NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS | 0220);
 | ||||
|   | ||||
|          ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0, | ||||
|                         "reopen file \"%s\", old:%d new:%d", | ||||
							
								
								
									
										10
									
								
								SOURCES/nginx-1.20.1.tar.gz.asc
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										10
									
								
								SOURCES/nginx-1.20.1.tar.gz.asc
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,10 @@ | ||||
| -----BEGIN PGP SIGNATURE----- | ||||
| 
 | ||||
| iQEcBAABCAAGBQJgrPDQAAoJEFIKmZOhwFL4dlIH/RFvUn4wiazXVujdm1df2/Q5 | ||||
| b+NVlr+O9WZ2Mb35dooOshG/G2wVjI95Cd5NU6svulJ05uv6tGgHA0CUZP6PLqIm | ||||
| 4os5QcgbEbfdDbfQEw7wyc831DqiBPwzk/xt954vsqwzX3mkXvUNTEYpynguwN1J | ||||
| 2iMb/bFRSlLZkKGbKOmLMO7iav0r88qtpmQIzG1mFTDg3leH0q3hEMAJl7pIicYd | ||||
| Of3+/EHnM8CXORtA1q6YTLbcHAzhSmjdrMyw+RQGQkxoPtdj9vwL4Z6Wk8+6dDK7 | ||||
| dVBaiKp80tDM/iJizPbkbrBVbnR/9W48+QBC7tmOJMuj2c1Q/kvwJg9CLyHlqCU= | ||||
| =tPti | ||||
| -----END PGP SIGNATURE----- | ||||
| @ -1,13 +0,0 @@ | ||||
| --- auto/cc/gcc.orig	2007-03-22 08:34:53.000000000 -0600
 | ||||
| +++ auto/cc/gcc	2007-03-22 08:58:47.000000000 -0600
 | ||||
| @@ -172,7 +172,9 @@
 | ||||
|   | ||||
|   | ||||
|  # stop on warning | ||||
| -CFLAGS="$CFLAGS -Werror"
 | ||||
| +# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
 | ||||
| +# to not compile.
 | ||||
| +#CFLAGS="$CFLAGS -Werror"
 | ||||
|   | ||||
|  # debug | ||||
|  CFLAGS="$CFLAGS -g" | ||||
| @ -25,7 +25,7 @@ http { | ||||
|     tcp_nopush          on; | ||||
|     tcp_nodelay         on; | ||||
|     keepalive_timeout   65; | ||||
|     types_hash_max_size 2048; | ||||
|     types_hash_max_size 4096; | ||||
| 
 | ||||
|     include             /etc/nginx/mime.types; | ||||
|     default_type        application/octet-stream; | ||||
| @ -36,31 +36,28 @@ http { | ||||
|     include /etc/nginx/conf.d/*.conf; | ||||
| 
 | ||||
|     server { | ||||
|         listen       80 default_server; | ||||
|         listen       [::]:80 default_server; | ||||
|         listen       80; | ||||
|         listen       [::]:80; | ||||
|         server_name  _; | ||||
|         root         /usr/share/nginx/html; | ||||
| 
 | ||||
|         # Load configuration files for the default server block. | ||||
|         include /etc/nginx/default.d/*.conf; | ||||
| 
 | ||||
|         location / { | ||||
|         } | ||||
| 
 | ||||
|         error_page 404 /404.html; | ||||
|             location = /40x.html { | ||||
|         location = /404.html { | ||||
|         } | ||||
| 
 | ||||
|         error_page 500 502 503 504 /50x.html; | ||||
|             location = /50x.html { | ||||
|         location = /50x.html { | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
| # Settings for a TLS enabled server. | ||||
| # | ||||
| #    server { | ||||
| #        listen       443 ssl http2 default_server; | ||||
| #        listen       [::]:443 ssl http2 default_server; | ||||
| #        listen       443 ssl http2; | ||||
| #        listen       [::]:443 ssl http2; | ||||
| #        server_name  _; | ||||
| #        root         /usr/share/nginx/html; | ||||
| # | ||||
| @ -74,9 +71,6 @@ http { | ||||
| #        # Load configuration files for the default server block. | ||||
| #        include /etc/nginx/default.d/*.conf; | ||||
| # | ||||
| #        location / { | ||||
| #        } | ||||
| # | ||||
| #        error_page 404 /404.html; | ||||
| #            location = /40x.html { | ||||
| #        } | ||||
|  | ||||
| @ -1,10 +1,11 @@ | ||||
| /var/log/nginx/*log { | ||||
|     create 0664 nginx root | ||||
| /var/log/nginx/*.log { | ||||
|     create 0640 nginx root | ||||
|     daily | ||||
|     rotate 10 | ||||
|     missingok | ||||
|     notifempty | ||||
|     compress | ||||
|     delaycompress | ||||
|     sharedscripts | ||||
|     postrotate | ||||
|         /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true | ||||
|  | ||||
| @ -1,6 +1,7 @@ | ||||
| [Unit] | ||||
| Description=The nginx HTTP and reverse proxy server | ||||
| After=network.target remote-fs.target nss-lookup.target | ||||
| After=network-online.target remote-fs.target nss-lookup.target | ||||
| Wants=network-online.target | ||||
| 
 | ||||
| [Service] | ||||
| Type=forking | ||||
| @ -11,7 +12,7 @@ PIDFile=/run/nginx.pid | ||||
| ExecStartPre=/usr/bin/rm -f /run/nginx.pid | ||||
| ExecStartPre=/usr/sbin/nginx -t | ||||
| ExecStart=/usr/sbin/nginx | ||||
| ExecReload=/bin/kill -s HUP $MAINPID | ||||
| ExecReload=/usr/sbin/nginx -s reload | ||||
| KillSignal=SIGQUIT | ||||
| TimeoutStopSec=5 | ||||
| KillMode=mixed | ||||
|  | ||||
							
								
								
									
										14
									
								
								SOURCES/nginxmods.attr
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										14
									
								
								SOURCES/nginxmods.attr
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,14 @@ | ||||
| %__nginxmods_requires() %{lua: | ||||
|     -- Match buildroot paths of the form | ||||
|     --    /PATH/OF/BUILDROOT/usr/lib/nginx/modules/  and | ||||
|     --    /PATH/OF/BUILDROOT/usr/lib64/nginx/modules/ | ||||
|     -- generating a line of the form: | ||||
|     --    nginx(abi) = VERSION | ||||
|     local path = rpm.expand("%1") | ||||
|     if path:match("/usr/lib%d*/nginx/modules/.*") then | ||||
|         local requires = "nginx(abi) = " .. rpm.expand("%{_nginx_abiversion}") | ||||
|         print(requires) | ||||
|     end | ||||
| } | ||||
| 
 | ||||
| %__nginxmods_path ^%{_prefix}/lib(64)?/nginx/modules/.*\\.so$ | ||||
							
								
								
									
										566
									
								
								SPECS/nginx.spec
									
									
									
									
									
								
							
							
						
						
									
										566
									
								
								SPECS/nginx.spec
									
									
									
									
									
								
							| @ -5,10 +5,20 @@ | ||||
| # See: https://src.fedoraproject.org/rpms/redhat-rpm-config/c/078af19 | ||||
| %undefine _strict_symbol_defs_build | ||||
| 
 | ||||
| %global with_gperftools 0 | ||||
| 
 | ||||
| %bcond_with geoip | ||||
| 
 | ||||
| # nginx gperftools support should be dissabled for RHEL >= 8 | ||||
| # see: https://bugzilla.redhat.com/show_bug.cgi?id=1931402 | ||||
| %if 0%{?rhel} >= 8 | ||||
| %global with_gperftools 0 | ||||
| %else | ||||
| # gperftools exist only on selected arches | ||||
| # gperftools *detection* is failing on ppc64*, possibly only configure | ||||
| # bug, but disable anyway. | ||||
| %ifnarch s390 s390x ppc64 ppc64le | ||||
| %global with_gperftools 1 | ||||
| %endif | ||||
| %endif | ||||
| 
 | ||||
| %global with_aio 1 | ||||
| 
 | ||||
| @ -16,26 +26,42 @@ | ||||
| %global with_mailcap_mimetypes 1 | ||||
| %endif | ||||
| 
 | ||||
| # Cf. https://www.nginx.com/blog/creating-installable-packages-dynamic-modules/ | ||||
| %global nginx_abiversion %{version} | ||||
| 
 | ||||
| %global nginx_moduledir %{_libdir}/nginx/modules | ||||
| %global nginx_moduleconfdir %{_datadir}/nginx/modules | ||||
| %global nginx_srcdir %{_usrsrc}/%{name}-%{version}-%{release} | ||||
| 
 | ||||
| # Do not generate provides/requires from nginx sources | ||||
| %global __provides_exclude_from ^%{nginx_srcdir}/.*$ | ||||
| %global __requires_exclude_from ^%{nginx_srcdir}/.*$ | ||||
| 
 | ||||
| 
 | ||||
| Name:              nginx | ||||
| Epoch:             1 | ||||
| Version:           1.16.1 | ||||
| Release:           1%{?dist} | ||||
| Version:           1.20.1 | ||||
| Release:           15%{?dist}.alma | ||||
| 
 | ||||
| Summary:           A high performance web server and reverse proxy server | ||||
| Group:             System Environment/Daemons | ||||
| # BSD License (two clause) | ||||
| # http://www.freebsd.org/copyright/freebsd-license.html | ||||
| License:           BSD | ||||
| URL:               http://nginx.org/ | ||||
| URL:               https://nginx.org | ||||
| 
 | ||||
| Source0:           https://nginx.org/download/nginx-%{version}.tar.gz | ||||
| Source1:           https://nginx.org/download/nginx-%{version}.tar.gz.asc | ||||
| # Keys are found here: https://nginx.org/en/pgp_keys.html | ||||
| Source2:           https://nginx.org/keys/maxim.key | ||||
| Source3:           https://nginx.org/keys/mdounin.key | ||||
| Source4:           https://nginx.org/keys/sb.key | ||||
| Source10:          nginx.service | ||||
| Source11:          nginx.logrotate | ||||
| Source12:          nginx.conf | ||||
| Source13:          nginx-upgrade | ||||
| Source14:          nginx-upgrade.8 | ||||
| Source100:         index.html | ||||
| Source101:         poweredby.png | ||||
| Source15:          macros.nginxmods.in | ||||
| Source16:          nginxmods.attr | ||||
| Source102:         nginx-logo.png | ||||
| Source103:         404.html | ||||
| Source104:         50x.html | ||||
| @ -44,55 +70,85 @@ Source210:         UPGRADE-NOTES-1.6-to-1.10 | ||||
| 
 | ||||
| # removes -Werror in upstream build scripts.  -Werror conflicts with | ||||
| # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. | ||||
| Patch0:            nginx-auto-cc-gcc.patch | ||||
| Patch0:            0001-remove-Werror-in-upstream-build-scripts.patch | ||||
| 
 | ||||
| # downstream patch - changing logs permissions to 664 instead | ||||
| # previous 644 | ||||
| Patch1:            nginx-1.14.0-logs-perm.patch | ||||
| # downstream patch - fix PIDFile race condition (rhbz#1869026) | ||||
| # rejected upstream: https://trac.nginx.org/nginx/ticket/1897 | ||||
| Patch1:            0002-fix-PIDFile-handling.patch | ||||
| 
 | ||||
| # PKCS#11 engine fix | ||||
| Patch2:            nginx-1.16.0-pkcs11.patch | ||||
| # downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=1955564 | ||||
| Patch2:            0003-Support-loading-cert-hardware-token-PKC.patch | ||||
| 
 | ||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=1655530 | ||||
| Patch3:            nginx-1.14.1-perl-module-hardening.patch | ||||
| # downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006822 | ||||
| Patch3:            0004-Set-proper-compiler-optimalization-level-O2-for-perl.patch | ||||
| 
 | ||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=1643647 | ||||
| Patch4:            nginx-1.16.0-enable-tls1v3-by-default.patch | ||||
| # downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006420 | ||||
| Patch4:            0005-Init-openssl-engine-properly.patch | ||||
| 
 | ||||
| # upstream patch - fixing ALPACA(CVE-2021-3618) security issue - https://bugzilla.redhat.com/show_bug.cgi?id=1975623 | ||||
| Patch5:            0006-Fix-ALPACA-security-issue.patch | ||||
| 
 | ||||
| # downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2028781 | ||||
| Patch6:            0007-Enable-TLSv1.3-by-default.patch | ||||
| 
 | ||||
| BuildRequires:     make | ||||
| BuildRequires:     gcc | ||||
| BuildRequires:     gnupg2 | ||||
| %if 0%{?with_gperftools} | ||||
| BuildRequires:     gperftools-devel | ||||
| %endif | ||||
| %if 0%{?fedora} || 0%{?rhel} >= 8 | ||||
| BuildRequires:     openssl-devel | ||||
| %else | ||||
| BuildRequires:     openssl11-devel | ||||
| %endif | ||||
| BuildRequires:     pcre-devel | ||||
| BuildRequires:     zlib-devel | ||||
| 
 | ||||
| Requires:          nginx-filesystem = %{epoch}:%{version}-%{release} | ||||
| 
 | ||||
| %if 0%{?rhel} > 0 && 0%{?rhel} < 8 | ||||
| # Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later. | ||||
| Requires:          nginx-all-modules = %{epoch}:%{version}-%{release} | ||||
| %if 0%{?el7} | ||||
| # centos-logos el7 does not provide 'system-indexhtml' | ||||
| Requires:          system-logos redhat-indexhtml | ||||
| # need to remove epel7 geoip sub-package, doesn't work anymore | ||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=1576034 | ||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=1664957 | ||||
| Obsoletes:         nginx-mod-http-geoip <= 1:1.16 | ||||
| %else | ||||
| Requires:          system-logos-httpd | ||||
| %endif | ||||
| 
 | ||||
| Requires:          openssl | ||||
| Requires:          pcre | ||||
| Requires(pre):     nginx-filesystem | ||||
| %if 0%{?with_mailcap_mimetypes} | ||||
| Requires:          nginx-mimetypes | ||||
| %endif | ||||
| Provides:          webserver | ||||
| %if 0%{?fedora} || 0%{?rhel} >= 8 | ||||
| Recommends:        logrotate | ||||
| %endif | ||||
| Requires:          %{name}-core = %{epoch}:%{version}-%{release} | ||||
| 
 | ||||
| BuildRequires:     systemd | ||||
| Requires(post):    systemd | ||||
| Requires(preun):   systemd | ||||
| Requires(postun):  systemd | ||||
| # For external nginx modules | ||||
| Provides:          nginx(abi) = %{nginx_abiversion} | ||||
| 
 | ||||
| %description | ||||
| Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and | ||||
| IMAP protocols, with a strong focus on high concurrency, performance and low | ||||
| memory usage. | ||||
| 
 | ||||
| %package core | ||||
| Summary: nginx minimal core | ||||
| %if 0%{?with_mailcap_mimetypes} | ||||
| Requires:          nginx-mimetypes | ||||
| %endif | ||||
| Requires:          openssl-libs | ||||
| Requires(pre):     nginx-filesystem | ||||
| Conflicts:         nginx < 1:1.20.1-13 | ||||
| 
 | ||||
| %description core | ||||
| nginx minimal core | ||||
| 
 | ||||
| %package all-modules | ||||
| Group:             System Environment/Daemons | ||||
| Summary:           A meta package that installs all available Nginx modules | ||||
| BuildArch:         noarch | ||||
| 
 | ||||
| @ -106,10 +162,9 @@ Requires:          nginx-mod-mail = %{epoch}:%{version}-%{release} | ||||
| Requires:          nginx-mod-stream = %{epoch}:%{version}-%{release} | ||||
| 
 | ||||
| %description all-modules | ||||
| A meta package that installs all available Nginx modules. | ||||
| Meta package that installs all available nginx modules. | ||||
| 
 | ||||
| %package filesystem | ||||
| Group:             System Environment/Daemons | ||||
| Summary:           The basic directory layout for the Nginx server | ||||
| BuildArch:         noarch | ||||
| Requires(pre):     shadow-utils | ||||
| @ -121,10 +176,9 @@ directories. | ||||
| 
 | ||||
| %if %{with geoip} | ||||
| %package mod-http-geoip | ||||
| Group:             System Environment/Daemons | ||||
| Summary:           Nginx HTTP geoip module | ||||
| BuildRequires:     GeoIP-devel | ||||
| Requires:          nginx | ||||
| Requires:          nginx(abi) = %{nginx_abiversion} | ||||
| Requires:          GeoIP | ||||
| 
 | ||||
| %description mod-http-geoip | ||||
| @ -132,24 +186,22 @@ Requires:          GeoIP | ||||
| %endif | ||||
| 
 | ||||
| %package mod-http-image-filter | ||||
| Group:             System Environment/Daemons | ||||
| Summary:           Nginx HTTP image filter module | ||||
| BuildRequires:     gd-devel | ||||
| Requires:          nginx | ||||
| Requires:          nginx(abi) = %{nginx_abiversion} | ||||
| Requires:          gd | ||||
| 
 | ||||
| %description mod-http-image-filter | ||||
| %{summary}. | ||||
| 
 | ||||
| %package mod-http-perl | ||||
| Group:             System Environment/Daemons | ||||
| Summary:           Nginx HTTP perl module | ||||
| BuildRequires:     perl-devel | ||||
| %if 0%{?fedora} >= 24 | ||||
| %if 0%{?fedora} >= 24 || 0%{?rhel} >= 7 | ||||
| BuildRequires:     perl-generators | ||||
| %endif | ||||
| BuildRequires:     perl(ExtUtils::Embed) | ||||
| Requires:          nginx | ||||
| Requires:          nginx(abi) = %{nginx_abiversion} | ||||
| Requires:          perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) | ||||
| Requires:          perl(constant) | ||||
| 
 | ||||
| @ -157,39 +209,59 @@ Requires:          perl(constant) | ||||
| %{summary}. | ||||
| 
 | ||||
| %package mod-http-xslt-filter | ||||
| Group:             System Environment/Daemons | ||||
| Summary:           Nginx XSLT module | ||||
| BuildRequires:     libxslt-devel | ||||
| Requires:          nginx | ||||
| Requires:          nginx(abi) = %{nginx_abiversion} | ||||
| 
 | ||||
| %description mod-http-xslt-filter | ||||
| %{summary}. | ||||
| 
 | ||||
| %package mod-mail | ||||
| Group:             System Environment/Daemons | ||||
| Summary:           Nginx mail modules | ||||
| Requires:          nginx | ||||
| Requires:          nginx(abi) = %{nginx_abiversion} | ||||
| 
 | ||||
| %description mod-mail | ||||
| %{summary}. | ||||
| 
 | ||||
| %package mod-stream | ||||
| Group:             System Environment/Daemons | ||||
| Summary:           Nginx stream modules | ||||
| Requires:          nginx | ||||
| Requires:          nginx(abi) = %{nginx_abiversion} | ||||
| 
 | ||||
| %description mod-stream | ||||
| %{summary}. | ||||
| 
 | ||||
| %package mod-devel | ||||
| Summary:           Nginx module development files | ||||
| Requires:          nginx = %{epoch}:%{version}-%{release} | ||||
| Requires:          make | ||||
| Requires:          gcc | ||||
| Requires:          gd-devel | ||||
| %if 0%{?with_gperftools} | ||||
| Requires:          gperftools-devel | ||||
| %endif | ||||
| %if %{with geoip} | ||||
| Requires:          GeoIP-devel | ||||
| %endif | ||||
| Requires:          libxslt-devel | ||||
| %if 0%{?fedora} || 0%{?rhel} >= 8 | ||||
| Requires:          openssl-devel | ||||
| %else | ||||
| Requires:          openssl11-devel | ||||
| %endif | ||||
| Requires:          pcre-devel | ||||
| Requires:          perl-devel | ||||
| Requires:          perl(ExtUtils::Embed) | ||||
| Requires:          zlib-devel | ||||
| 
 | ||||
| %description mod-devel | ||||
| %{summary}. | ||||
| 
 | ||||
| 
 | ||||
| %prep | ||||
| %setup -q | ||||
| %patch0 -p0 | ||||
| %patch1 -p1 | ||||
| %patch2 -p1 | ||||
| %patch3 -p1 | ||||
| %patch4 -p1 | ||||
| 
 | ||||
| # Combine all keys from upstream into one file | ||||
| cat %{S:2} %{S:3} %{S:4} > %{_builddir}/%{name}.gpg | ||||
| %{gpgverify} --keyring='%{_builddir}/%{name}.gpg' --signature='%{SOURCE1}' --data='%{SOURCE0}' | ||||
| %autosetup -p1 | ||||
| cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} . | ||||
| 
 | ||||
| %if 0%{?rhel} > 0 && 0%{?rhel} < 8 | ||||
| @ -197,6 +269,17 @@ sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service | ||||
| sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf | ||||
| %endif | ||||
| 
 | ||||
| %if 0%{?rhel} == 7 | ||||
| sed \ | ||||
|   -e 's|\(ngx_feature_path=\)$|\1%{_includedir}/openssl11|' \ | ||||
|   -e 's|\(ngx_feature_libs="\)|\1-L%{_libdir}/openssl11 |' \ | ||||
|   -i auto/lib/openssl/conf | ||||
| %endif | ||||
| 
 | ||||
| # Prepare sources for installation | ||||
| cp -a ../%{name}-%{version} ../%{name}-%{version}-%{release}-src | ||||
| mv ../%{name}-%{version}-%{release}-src . | ||||
| 
 | ||||
| 
 | ||||
| %build | ||||
| # nginx does not utilize a standard configure script.  It has its own | ||||
| @ -204,10 +287,12 @@ sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf | ||||
| # to error out.  This is is also the reason for the DESTDIR environment | ||||
| # variable. | ||||
| export DESTDIR=%{buildroot} | ||||
| ./configure \ | ||||
| # So the perl module finds its symbols: | ||||
| nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" | ||||
| if ! ./configure \ | ||||
|     --prefix=%{_datadir}/nginx \ | ||||
|     --sbin-path=%{_sbindir}/nginx \ | ||||
|     --modules-path=%{_libdir}/nginx/modules \ | ||||
|     --modules-path=%{nginx_moduledir} \ | ||||
|     --conf-path=%{_sysconfdir}/nginx/nginx.conf \ | ||||
|     --error-log-path=%{_localstatedir}/log/nginx/error.log \ | ||||
|     --http-log-path=%{_localstatedir}/log/nginx/access.log \ | ||||
| @ -220,51 +305,56 @@ export DESTDIR=%{buildroot} | ||||
|     --lock-path=/run/lock/subsys/nginx \ | ||||
|     --user=%{nginx_user} \ | ||||
|     --group=%{nginx_user} \ | ||||
|     --with-compat \ | ||||
|     --with-debug \ | ||||
| %if 0%{?with_aio} | ||||
|     --with-file-aio \ | ||||
| %endif | ||||
|     --with-ipv6 \ | ||||
|     --with-http_ssl_module \ | ||||
|     --with-http_v2_module \ | ||||
|     --with-http_realip_module \ | ||||
|     --with-stream_ssl_preread_module \ | ||||
| %if 0%{?with_gperftools} | ||||
|     --with-google_perftools_module \ | ||||
| %endif | ||||
|     --with-http_addition_module \ | ||||
|     --with-http_xslt_module=dynamic \ | ||||
|     --with-http_image_filter_module=dynamic \ | ||||
|     --with-http_auth_request_module \ | ||||
|     --with-http_dav_module \ | ||||
|     --with-http_degradation_module \ | ||||
|     --with-http_flv_module \ | ||||
| %if %{with geoip} | ||||
|     --with-http_geoip_module=dynamic \ | ||||
| %endif | ||||
|     --with-http_sub_module \ | ||||
|     --with-http_dav_module \ | ||||
|     --with-http_flv_module \ | ||||
|     --with-http_mp4_module \ | ||||
|     --with-http_gunzip_module \ | ||||
|     --with-http_gzip_static_module \ | ||||
|     --with-http_random_index_module \ | ||||
|     --with-http_secure_link_module \ | ||||
|     --with-http_degradation_module \ | ||||
|     --with-http_slice_module \ | ||||
|     --with-http_stub_status_module \ | ||||
|     --with-http_image_filter_module=dynamic \ | ||||
|     --with-http_mp4_module \ | ||||
|     --with-http_perl_module=dynamic \ | ||||
|     --with-http_auth_request_module \ | ||||
|     --with-http_random_index_module \ | ||||
|     --with-http_realip_module \ | ||||
|     --with-http_secure_link_module \ | ||||
|     --with-http_slice_module \ | ||||
|     --with-http_ssl_module \ | ||||
|     --with-http_stub_status_module \ | ||||
|     --with-http_sub_module \ | ||||
|     --with-http_v2_module \ | ||||
|     --with-http_xslt_module=dynamic \ | ||||
|     --with-mail=dynamic \ | ||||
|     --with-mail_ssl_module \ | ||||
|     --with-pcre \ | ||||
|     --with-pcre-jit \ | ||||
|     --with-stream=dynamic \ | ||||
|     --with-stream_ssl_module \ | ||||
| %if 0%{?with_gperftools} | ||||
|     --with-google_perftools_module \ | ||||
| %endif | ||||
|     --with-debug \ | ||||
|     --with-stream_ssl_preread_module \ | ||||
|     --with-threads \ | ||||
|     --with-cc-opt="%{optflags} $(pcre-config --cflags)" \ | ||||
|     --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols | ||||
|     --with-ld-opt="$nginx_ldopts"; then | ||||
|   : configure failed | ||||
|   cat objs/autoconf.err | ||||
|   exit 1 | ||||
| fi | ||||
| 
 | ||||
| make %{?_smp_mflags} | ||||
| %make_build | ||||
| 
 | ||||
| 
 | ||||
| %install | ||||
| make install DESTDIR=%{buildroot} INSTALLDIRS=vendor | ||||
| %make_install INSTALLDIRS=vendor | ||||
| 
 | ||||
| find %{buildroot} -type f -name .packlist -exec rm -f '{}' \; | ||||
| find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \; | ||||
| @ -287,15 +377,39 @@ install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp | ||||
| install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx | ||||
| 
 | ||||
| install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html | ||||
| install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules | ||||
| install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules | ||||
| install -p -d -m 0755 %{buildroot}%{nginx_moduleconfdir} | ||||
| install -p -d -m 0755 %{buildroot}%{nginx_moduledir} | ||||
| 
 | ||||
| 
 | ||||
| install -p -m 0644 ./nginx.conf \ | ||||
|     %{buildroot}%{_sysconfdir}/nginx | ||||
| install -p -m 0644 %{SOURCE100} \ | ||||
|     %{buildroot}%{_datadir}/nginx/html | ||||
| install -p -m 0644 %{SOURCE101} %{SOURCE102} \ | ||||
| 
 | ||||
| rm -f %{buildroot}%{_datadir}/nginx/html/index.html | ||||
| %if 0%{?el7} | ||||
| ln -s ../../doc/HTML/index.html \ | ||||
|       %{buildroot}%{_datadir}/nginx/html/index.html | ||||
| ln -s ../../doc/HTML/img \ | ||||
|       %{buildroot}%{_datadir}/nginx/html/img | ||||
| ln -s ../../doc/HTML/en-US \ | ||||
|       %{buildroot}%{_datadir}/nginx/html/en-US | ||||
| %else | ||||
| ln -s ../../testpage/index.html \ | ||||
|       %{buildroot}%{_datadir}/nginx/html/index.html | ||||
| %endif | ||||
| install -p -m 0644 %{SOURCE102} \ | ||||
|     %{buildroot}%{_datadir}/nginx/html | ||||
| ln -s nginx-logo.png %{buildroot}%{_datadir}/nginx/html/poweredby.png | ||||
| mkdir -p %{buildroot}%{_datadir}/nginx/html/icons | ||||
| 
 | ||||
| # Symlink for the powered-by-$DISTRO image: | ||||
| ln -s ../../../pixmaps/poweredby.png \ | ||||
|       %{buildroot}%{_datadir}/nginx/html/icons/poweredby.png | ||||
| 
 | ||||
| %if 0%{?rhel} >= 9 | ||||
| ln -s ../../pixmaps/system-noindex-logo.png \ | ||||
|       %{buildroot}%{_datadir}/nginx/html/system_noindex_logo.png | ||||
| %endif | ||||
| 
 | ||||
| install -p -m 0644 %{SOURCE103} %{SOURCE104} \ | ||||
|     %{buildroot}%{_datadir}/nginx/html | ||||
| 
 | ||||
| @ -309,25 +423,41 @@ install -p -D -m 0644 %{_builddir}/nginx-%{version}/objs/nginx.8 \ | ||||
| install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade | ||||
| install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8 | ||||
| 
 | ||||
| for i in ftdetect indent syntax; do | ||||
| for i in ftdetect ftplugin indent syntax; do | ||||
|     install -p -D -m644 contrib/vim/${i}/nginx.vim \ | ||||
|         %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim | ||||
| done | ||||
| 
 | ||||
| %if %{with geoip} | ||||
| echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \ | ||||
|     > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf | ||||
| echo 'load_module "%{nginx_moduledir}/ngx_http_geoip_module.so";' \ | ||||
|     > %{buildroot}%{nginx_moduleconfdir}/mod-http-geoip.conf | ||||
| %endif | ||||
| echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \ | ||||
|     > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf | ||||
| echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \ | ||||
|     > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf | ||||
| echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \ | ||||
|     > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf | ||||
| echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \ | ||||
|     > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf | ||||
| echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \ | ||||
|     > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf | ||||
| echo 'load_module "%{nginx_moduledir}/ngx_http_image_filter_module.so";' \ | ||||
|     > %{buildroot}%{nginx_moduleconfdir}/mod-http-image-filter.conf | ||||
| echo 'load_module "%{nginx_moduledir}/ngx_http_perl_module.so";' \ | ||||
|     > %{buildroot}%{nginx_moduleconfdir}/mod-http-perl.conf | ||||
| echo 'load_module "%{nginx_moduledir}/ngx_http_xslt_filter_module.so";' \ | ||||
|     > %{buildroot}%{nginx_moduleconfdir}/mod-http-xslt-filter.conf | ||||
| echo 'load_module "%{nginx_moduledir}/ngx_mail_module.so";' \ | ||||
|     > %{buildroot}%{nginx_moduleconfdir}/mod-mail.conf | ||||
| echo 'load_module "%{nginx_moduledir}/ngx_stream_module.so";' \ | ||||
|     > %{buildroot}%{nginx_moduleconfdir}/mod-stream.conf | ||||
| 
 | ||||
| # Install files for supporting nginx module builds | ||||
| ## Install source files | ||||
| mkdir -p %{buildroot}%{_usrsrc} | ||||
| mv %{name}-%{version}-%{release}-src %{buildroot}%{nginx_srcdir} | ||||
| ## Install rpm macros | ||||
| mkdir -p %{buildroot}%{_rpmmacrodir} | ||||
| sed -e "s|@@NGINX_ABIVERSION@@|%{nginx_abiversion}|g" \ | ||||
|     -e "s|@@NGINX_MODDIR@@|%{nginx_moduledir}|g" \ | ||||
|     -e "s|@@NGINX_MODCONFDIR@@|%{nginx_moduleconfdir}|g" \ | ||||
|     -e "s|@@NGINX_SRCDIR@@|%{nginx_srcdir}|g" \ | ||||
|     %{SOURCE15} > %{buildroot}%{_rpmmacrodir}/macros.nginxmods | ||||
| ## Install dependency generator | ||||
| install -Dpm0644 -t %{buildroot}%{_fileattrsdir} %{SOURCE16} | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| %pre filesystem | ||||
| getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user} | ||||
| @ -381,21 +511,24 @@ if [ $1 -ge 1 ]; then | ||||
| fi | ||||
| 
 | ||||
| %files | ||||
| %license LICENSE | ||||
| %doc CHANGES README README.dynamic | ||||
| %if 0%{?rhel} == 7 | ||||
| %doc UPGRADE-NOTES-1.6-to-1.10 | ||||
| %endif | ||||
| %{_datadir}/nginx/html/* | ||||
| %{_bindir}/nginx-upgrade | ||||
| %{_sbindir}/nginx | ||||
| %{_datadir}/vim/vimfiles/ftdetect/nginx.vim | ||||
| %{_datadir}/vim/vimfiles/ftplugin/nginx.vim | ||||
| %{_datadir}/vim/vimfiles/syntax/nginx.vim | ||||
| %{_datadir}/vim/vimfiles/indent/nginx.vim | ||||
| %{_mandir}/man3/nginx.3pm* | ||||
| %{_mandir}/man8/nginx.8* | ||||
| %{_mandir}/man8/nginx-upgrade.8* | ||||
| %{_unitdir}/nginx.service | ||||
| 
 | ||||
| %files core | ||||
| %license LICENSE | ||||
| %doc CHANGES README README.dynamic | ||||
| %{_sbindir}/nginx | ||||
| %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf | ||||
| %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default | ||||
| %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params | ||||
| @ -416,8 +549,11 @@ fi | ||||
| %config(noreplace) %{_sysconfdir}/logrotate.d/nginx | ||||
| %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx | ||||
| %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp | ||||
| %attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/nginx | ||||
| %dir %{_libdir}/nginx/modules | ||||
| %attr(711,root,root) %dir %{_localstatedir}/log/nginx | ||||
| %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/access.log | ||||
| %ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/error.log | ||||
| %dir %{nginx_moduledir} | ||||
| %dir %{nginx_moduleconfdir} | ||||
| 
 | ||||
| %files all-modules | ||||
| 
 | ||||
| @ -432,97 +568,215 @@ fi | ||||
| 
 | ||||
| %if %{with geoip} | ||||
| %files mod-http-geoip | ||||
| %{_datadir}/nginx/modules/mod-http-geoip.conf | ||||
| %{_libdir}/nginx/modules/ngx_http_geoip_module.so | ||||
| %{nginx_moduleconfdir}/mod-http-geoip.conf | ||||
| %{nginx_moduledir}/ngx_http_geoip_module.so | ||||
| %endif | ||||
| 
 | ||||
| %files mod-http-image-filter | ||||
| %{_datadir}/nginx/modules/mod-http-image-filter.conf | ||||
| %{_libdir}/nginx/modules/ngx_http_image_filter_module.so | ||||
| %{nginx_moduleconfdir}/mod-http-image-filter.conf | ||||
| %{nginx_moduledir}/ngx_http_image_filter_module.so | ||||
| 
 | ||||
| %files mod-http-perl | ||||
| %{_datadir}/nginx/modules/mod-http-perl.conf | ||||
| %{_libdir}/nginx/modules/ngx_http_perl_module.so | ||||
| %{nginx_moduleconfdir}/mod-http-perl.conf | ||||
| %{nginx_moduledir}/ngx_http_perl_module.so | ||||
| %dir %{perl_vendorarch}/auto/nginx | ||||
| %{perl_vendorarch}/nginx.pm | ||||
| %{perl_vendorarch}/auto/nginx/nginx.so | ||||
| 
 | ||||
| %files mod-http-xslt-filter | ||||
| %{_datadir}/nginx/modules/mod-http-xslt-filter.conf | ||||
| %{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so | ||||
| %{nginx_moduleconfdir}/mod-http-xslt-filter.conf | ||||
| %{nginx_moduledir}/ngx_http_xslt_filter_module.so | ||||
| 
 | ||||
| %files mod-mail | ||||
| %{_datadir}/nginx/modules/mod-mail.conf | ||||
| %{_libdir}/nginx/modules/ngx_mail_module.so | ||||
| %{nginx_moduleconfdir}/mod-mail.conf | ||||
| %{nginx_moduledir}/ngx_mail_module.so | ||||
| 
 | ||||
| %files mod-stream | ||||
| %{_datadir}/nginx/modules/mod-stream.conf | ||||
| %{_libdir}/nginx/modules/ngx_stream_module.so | ||||
| %{nginx_moduleconfdir}/mod-stream.conf | ||||
| %{nginx_moduledir}/ngx_stream_module.so | ||||
| 
 | ||||
| %files mod-devel | ||||
| %{_rpmmacrodir}/macros.nginxmods | ||||
| %{_fileattrsdir}/nginxmods.attr | ||||
| %{nginx_srcdir}/ | ||||
| 
 | ||||
| 
 | ||||
| %changelog | ||||
| * Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1 | ||||
| - update to 1.16.1 | ||||
| - Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount | ||||
|   of data request leads to denial of service | ||||
| - Resolves: #1745690 - CVE-2019-9513 nginx:1.16/nginx: HTTP/2: flood using | ||||
|   PRIORITY frames resulting in excessive resource consumption | ||||
| - Resolves: #1745645 - CVE-2019-9516 nginx:1.16/nginx: HTTP/2: 0-length | ||||
|   headers leads to denial of service | ||||
| * Thu Aug 03 2023 Koichiro Iwao <meta@almalinux.org> - 1.20.1-15.alma | ||||
| - Show correct AlmaLinux logo on default error pages | ||||
|   Resolves: https://bugs.almalinux.org/view.php?id=415 | ||||
| 
 | ||||
| * Wed Jun 26 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-2 | ||||
| - Resolves: #1718929 - ssl_protocols config option has faulty behavior | ||||
|   in nginx:1.16 | ||||
| * Tue May 09 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1:1.20.1-14.alma | ||||
| - Debrand for AlmaLinux | ||||
| 
 | ||||
| * Mon May 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-1 | ||||
| - new version 1.16.0 | ||||
| - enable ngx_stream_ssl_preread module | ||||
| - main package does NOT require all-modules package | ||||
| * Thu Nov 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-14 | ||||
| - Resolves: #2086527 - Fix logrotate config and nginx log dir permissions | ||||
| * Wed Jun 22 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-13 | ||||
| - Resolves: #2099752 - nginx minimisation for ubi-micro | ||||
| * Tue Jun 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-11 | ||||
| - Resolves: #2028781 - Protocol : TLSv1.3 missing in rhel9 | ||||
| 
 | ||||
| * Wed Dec 12 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-8 | ||||
| - enable TLS 1.3 by default (#1643647) | ||||
| - TLSv1.0 and TLSv1.1 can be enabled now (#1644746) | ||||
| * Wed Feb 02 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-10 | ||||
| - Resolves: #1975747 - CVE-2021-3618 nginx: ALPACA: Application Layer Protocol | ||||
|   Confusion - Analyzing and Mitigating Cracks in TLS Authentication | ||||
| 
 | ||||
| * Thu Dec  2 2021 Joe Orton <jorton@redhat.com> - 1:1.20.1-9 | ||||
| - add delaycompress to logrotate config (#2015250) | ||||
| 
 | ||||
| * Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-8 | ||||
| - Resolves: #2007019 - use proper wording in error pages | ||||
| 
 | ||||
| * Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-7 | ||||
| - Resolves: #2006420 - Broken loading certificates from hardware token (PKCS#11) | ||||
| 
 | ||||
| * Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-6 | ||||
| - Resolves: #2006822 - Hardening tests fail for nginx | ||||
| 
 | ||||
| * Tue Sep 21 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-5 | ||||
| - Add -mod-devel subpackage for building external nginx modules | ||||
|   Resolves: rhbz#1991720 (Neal Gompa) | ||||
| 
 | ||||
| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.20.1-4 | ||||
| - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags | ||||
|   Related: rhbz#1991688 | ||||
| 
 | ||||
| * Mon Aug 09 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-3 | ||||
| - Resolves: #1991600 - Add logo symlink required by new testpage | ||||
| 
 | ||||
| * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.20.1-2 | ||||
| - Rebuilt for RHEL 9 BETA for openssl 3.0 | ||||
|   Related: rhbz#1971065 | ||||
| 
 | ||||
| * Wed Jun 02 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-1 | ||||
| - new version 1.20.1 | ||||
| - Resolves: #1964814 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() | ||||
|   when labels are followed by a pointer to a root domain name | ||||
| 
 | ||||
| * Fri Apr 30 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.20.0-5 | ||||
| - Resolves: #1955564 - [RFE] Support loading certificates from hardware | ||||
|   token (PKCS#11) | ||||
| 
 | ||||
| * Fri Apr 30 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.20.0-4 | ||||
| - Resolves: #1955560 - centralizing default index.html on nginx | ||||
| 
 | ||||
| * Mon Apr 26 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.20.0-3 | ||||
| - Resolve: #1953639 - Rebase nginx to 1.20 | ||||
| 
 | ||||
| * Wed Apr 21 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.0-2 | ||||
| - sync rawhide and EPEL7 spec files again | ||||
| - systemd service reload now checks config file (rhbz#1565377) | ||||
| - drop nginx requirement on nginx-all-modules (rhbz#1708799) | ||||
| - let nginx handle log creation on logrotate (rhbz#1683388) | ||||
| - have log directory owned by root (rhbz#1390183, CVE-2016-1247) | ||||
| - remove obsolete --with-ipv6 (src PR#8) | ||||
| - correction: pcre2 is actually not supported by nginx, reintroduce pcre | ||||
| 
 | ||||
| * Wed Apr 21 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.0-1 | ||||
| - update to 1.20.0 | ||||
| - sync with mainline spec file | ||||
| - order configure options alphabetically for easier comparinggit | ||||
| - add --with-compat option (rhbz#1834452) | ||||
| - add patch to fix PIDFile race condition (rhbz#1869026) | ||||
| - use pcre2 instead of pcre (rhbz#1938984) | ||||
| - add Wants=network-online.target to systemd unit (rhbz#1943779) | ||||
| 
 | ||||
| * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.18.0-6 | ||||
| - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 | ||||
| 
 | ||||
| * Mon Feb 22 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-5 | ||||
| - Resolves: #1931402 - drop gperftools module | ||||
| 
 | ||||
| * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.0-4 | ||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild | ||||
| 
 | ||||
| * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.0-3 | ||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild | ||||
| 
 | ||||
| * Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.18.0-2 | ||||
| - Perl 5.32 rebuild | ||||
| 
 | ||||
| * Fri Apr 24 2020 Felix Kaechele <heffer@fedoraproject.org> - 1:1.18.0-1 | ||||
| - Update to 1.18.0 | ||||
| - Increased types_hash_max_size to 4096 in default config | ||||
| - Add gpg source verification | ||||
| - Add Recommends: logrotate | ||||
| - Drop location / from default config (rhbz#1564768) | ||||
| - Drop default_sever from default config (rhbz#1373822) | ||||
| 
 | ||||
| * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.16.1-2 | ||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild | ||||
| 
 | ||||
| * Sun Sep 15 2019 Warren Togami <warren@blockstream.com> | ||||
| - add conditionals for EPEL7, see rhbz#1750857 | ||||
| 
 | ||||
| * Tue Aug 13 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.1-1 | ||||
| - Update to upstream release 1.16.1 | ||||
| - Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 | ||||
| 
 | ||||
| * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.16.0-5 | ||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild | ||||
| 
 | ||||
| * Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.16.0-4 | ||||
| - Perl 5.30 rebuild | ||||
| 
 | ||||
| * Tue May 14 2019 Stephen Gallagher <sgallagh@redhat.com> - 1.16.0-3 | ||||
| - Move to common default index.html | ||||
| - Resolves: rhbz#1636235 | ||||
| 
 | ||||
| * Tue May 07 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.0-2 | ||||
| - Add missing directory for vim plugin | ||||
| 
 | ||||
| * Fri Apr 26 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.0-1 | ||||
| - Update to upstream release 1.16.0 | ||||
| 
 | ||||
| * Mon Mar 04 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.15.9-1 | ||||
| - Update to upstream release 1.15.9 | ||||
| - Enable ngx_stream_ssl_preread module | ||||
| - Remove redundant conditionals | ||||
| 
 | ||||
| * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.14.1-5 | ||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild | ||||
| 
 | ||||
| * Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:1.14.1-4 | ||||
| - Rebuilt for libcrypt.so.2 (#1666033) | ||||
| 
 | ||||
| * Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 1:1.14.1-3 | ||||
| - fix unexpanded paths in nginx(8) (#1643069) | ||||
| - fix unexpanded paths in nginx(8) | ||||
| 
 | ||||
| * Mon Dec 03 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-2 | ||||
| - Resolves: #1655530 - Hardening tests fail for nginx | ||||
| 
 | ||||
| * Mon Nov 19 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-1 | ||||
| * Tue Nov 20 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.1-2 | ||||
| - new version 1.14.1 | ||||
| - Resolves: #1647257 - CVE-2018-16845 nginx: Denial of service and | ||||
|   memory disclosure via mp4 module | ||||
| - Resolves: #1647262 - CVE-2018-16844 nginx: Excessive CPU usage | ||||
|   via flaw in HTTP/2 implementation | ||||
| - Resolves: #1647263 - CVE-2018-16843 nginx: Excessive memory consumption | ||||
| - Resolves: #1584426 - Upstream Nginx 1.14.0 is now available | ||||
| - Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory | ||||
|   disclosure via mp4 module | ||||
| - Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption | ||||
|   via flaw in HTTP/2 implementation | ||||
| - Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw | ||||
|   in HTTP/2 implementation | ||||
| 
 | ||||
| * Wed Aug  8 2018 Joe Orton <jorton@redhat.com> - 1:1.14.0-3 | ||||
| - fix PKCS#11 support (Anderson Sasaki, #1545526) | ||||
| * Mon Aug 06 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-14 | ||||
| - add requires on perl(constant) for mod-http-perl | ||||
| 
 | ||||
| * Mon Aug 06 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.0-2 | ||||
| - add dependency on perl(constant) | ||||
| 
 | ||||
| * Mon Jul 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1 | ||||
| - Resolves: #1558420 - directory permissions are now correct after processing | ||||
|   USR1 signal | ||||
| - Resolves: #1601414 - nginx: drop GeoIP support | ||||
| * Mon Jul 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-13 | ||||
| - don't build with geoip by default | ||||
| 
 | ||||
| * Thu Jul 19 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-12 | ||||
| - add build conditional for geoip support | ||||
| 
 | ||||
| * Thu May 03 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1 | ||||
| - new version 1.14.0 | ||||
| * Mon Jul 16 2018 Tadej Janež <tadej.j@nez.si> - 1:1.12.1-11 | ||||
| - Add gcc to BuildRequires to account for | ||||
|   https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot | ||||
| 
 | ||||
| * Wed Apr 25 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-9 | ||||
| - changed directory permissions (#1558420) | ||||
| * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-10 | ||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild | ||||
| 
 | ||||
| * Fri Mar 23 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-8 | ||||
| - disable gperftools (#1496868) | ||||
| * Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.12.1-9 | ||||
| - Perl 5.28 rebuild | ||||
| 
 | ||||
| * Thu Mar 22 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-7 | ||||
| - update branding (#1512565) | ||||
| * Mon May 14 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-8 | ||||
| - Related: #1573942 - nginx fails on start | ||||
| 
 | ||||
| * Wed May 02 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-7 | ||||
| - Resolves: #1573942 - nginx fails on start | ||||
| 
 | ||||
| * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-6 | ||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user