Merge branch 'master' into epel7
This commit is contained in:
commit
02037aa84e
20
README.fedora
Normal file
20
README.fedora
Normal file
@ -0,0 +1,20 @@
|
||||
###############
|
||||
Dynamic modules
|
||||
###############
|
||||
|
||||
Dynamic modules are loaded using the "load_modules" directive. The RPM package
|
||||
for each module has a '.conf' file in the /usr/share/nginx/modules directory.
|
||||
The '.conf' file contains a single "load_modules" directive.
|
||||
|
||||
This means that whenever a new dynamic module is installed, it will
|
||||
automatically be enabled and Nginx will be reloaded.
|
||||
|
||||
--------------------------------------------------------
|
||||
Prevent dynamic modules from being enabled automatically
|
||||
--------------------------------------------------------
|
||||
|
||||
You may want to avoid dynamic modules being enabled automatically. Simply
|
||||
remove this line from the top of /etc/nginx/nginx.conf:
|
||||
|
||||
include /usr/lib64/nginx/modules/*.conf;
|
||||
|
89
UPGRADE-NOTES-1.6-to-1.10
Normal file
89
UPGRADE-NOTES-1.6-to-1.10
Normal file
@ -0,0 +1,89 @@
|
||||
#############
|
||||
Upgrade notes
|
||||
#############
|
||||
|
||||
To resolve numerous security flaws, the nginx package was updated to 1.10.x.
|
||||
|
||||
You should review your configuration files in /etc/nginx to determine if there
|
||||
are any incompatibilities.
|
||||
|
||||
Please see upstream release notes for a complete list of new features,
|
||||
bug fixes, and changes: http://nginx.org/en/CHANGES-1.10
|
||||
|
||||
Below is a summary of the main changes. If you have not modified any files in
|
||||
/etc/nginx directory, the update will work seamlessly. However, if you are
|
||||
using any nginx directives that have changed or been removed then you should
|
||||
amend your configuration.
|
||||
|
||||
Nginx gained support for dynamic modules. Some modules have been split into
|
||||
subpackages, which for the time being are hard dependencies to aid the upgrade
|
||||
path. The new subpackages are:
|
||||
- nginx-mod-http-geoip
|
||||
- nginx-mod-http-image-filter
|
||||
- nginx-mod-http-perl
|
||||
- nginx-mod-http-xslt-filter
|
||||
- nginx-mod-mail
|
||||
- nginx-mod-stream
|
||||
|
||||
Changes with nginx 1.10.x
|
||||
|
||||
*) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
|
||||
passed to the next server by default if a request has been sent to a
|
||||
backend; the "non_idempotent" parameter of the "proxy_next_upstream"
|
||||
directive explicitly allows retrying such requests.
|
||||
|
||||
*) Change: now the "output_buffers" directive uses two buffers by
|
||||
default.
|
||||
|
||||
*) Change: now nginx limits subrequests recursion, not simultaneous
|
||||
subrequests.
|
||||
|
||||
*) Change: now nginx checks the whole cache key when returning a
|
||||
response from cache.
|
||||
Thanks to Gena Makhomed and Sergey Brester.
|
||||
|
||||
*) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
|
||||
directives of the stream module are replaced with the
|
||||
"proxy_buffer_size" directive.
|
||||
|
||||
*) Change: duplicate "http", "mail", and "stream" blocks are now
|
||||
disallowed.
|
||||
|
||||
*) Change: now SSLv3 protocol is disabled by default.
|
||||
|
||||
*) Change: some long deprecated directives are not supported anymore.
|
||||
|
||||
*) Change: obsolete aio and rtsig event methods have been removed.
|
||||
|
||||
Changes with nginx 1.8.x
|
||||
|
||||
*) Change: the "sendfile" parameter of the "aio" directive is
|
||||
deprecated; now nginx automatically uses AIO to pre-load data for
|
||||
sendfile if both "aio" and "sendfile" directives are used.
|
||||
|
||||
*) Change: now the "If-Modified-Since", "If-Range", etc. client request
|
||||
header lines are passed to a backend while caching if nginx knows in
|
||||
advance that the response will not be cached (e.g., when using
|
||||
proxy_cache_min_uses).
|
||||
|
||||
*) Change: now after proxy_cache_lock_timeout nginx sends a request to a
|
||||
backend with caching disabled; the new directives
|
||||
"proxy_cache_lock_age", "fastcgi_cache_lock_age",
|
||||
"scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time
|
||||
after which the lock will be released and another attempt to cache a
|
||||
response will be made.
|
||||
|
||||
*) Change: the "log_format" directive can now be used only at http
|
||||
level.
|
||||
|
||||
*) Change: now nginx takes into account the "Vary" header line in a
|
||||
backend response while caching.
|
||||
|
||||
*) Change: the deprecated "limit_zone" directive is not supported
|
||||
anymore.
|
||||
|
||||
*) Change: now the "stub_status" directive does not require a parameter.
|
||||
|
||||
*) Change: URI escaping now uses uppercase hexadecimal digits.
|
||||
Thanks to Piotr Sikora.
|
||||
|
@ -1,181 +0,0 @@
|
||||
exporting patch:
|
||||
# HG changeset patch
|
||||
# User Roman Arutyunyan <arut@nginx.com>
|
||||
# Date 1453816008 -10800
|
||||
# Tue Jan 26 16:46:48 2016 +0300
|
||||
# Branch stable-1.8
|
||||
# Node ID 5557bf31e25da68d5cda19dbc91d86f47430df1f
|
||||
# Parent 838946300825379ccdd3acfb131cf66d6ae3cb85
|
||||
Resolver: changed the ngx_resolver_create_*_query() arguments.
|
||||
|
||||
No functional changes.
|
||||
|
||||
This is needed by the following change.
|
||||
|
||||
diff -r 838946300825 -r 5557bf31e25d src/core/ngx_resolver.c
|
||||
--- a/src/core/ngx_resolver.c Tue Jan 26 16:46:38 2016 +0300
|
||||
+++ b/src/core/ngx_resolver.c Tue Jan 26 16:46:48 2016 +0300
|
||||
@@ -64,10 +64,10 @@
|
||||
ngx_queue_t *queue);
|
||||
static ngx_int_t ngx_resolver_send_query(ngx_resolver_t *r,
|
||||
ngx_resolver_node_t *rn);
|
||||
-static ngx_int_t ngx_resolver_create_name_query(ngx_resolver_node_t *rn,
|
||||
- ngx_resolver_ctx_t *ctx);
|
||||
-static ngx_int_t ngx_resolver_create_addr_query(ngx_resolver_node_t *rn,
|
||||
- ngx_resolver_ctx_t *ctx);
|
||||
+static ngx_int_t ngx_resolver_create_name_query(ngx_resolver_t *r,
|
||||
+ ngx_resolver_node_t *rn, ngx_str_t *name);
|
||||
+static ngx_int_t ngx_resolver_create_addr_query(ngx_resolver_t *r,
|
||||
+ ngx_resolver_node_t *rn, ngx_addr_t *addr);
|
||||
static void ngx_resolver_resend_handler(ngx_event_t *ev);
|
||||
static time_t ngx_resolver_resend(ngx_resolver_t *r, ngx_rbtree_t *tree,
|
||||
ngx_queue_t *queue);
|
||||
@@ -651,7 +651,7 @@
|
||||
ngx_rbtree_insert(&r->name_rbtree, &rn->node);
|
||||
}
|
||||
|
||||
- rc = ngx_resolver_create_name_query(rn, ctx);
|
||||
+ rc = ngx_resolver_create_name_query(r, rn, &ctx->name);
|
||||
|
||||
if (rc == NGX_ERROR) {
|
||||
goto failed;
|
||||
@@ -878,7 +878,7 @@
|
||||
ngx_rbtree_insert(tree, &rn->node);
|
||||
}
|
||||
|
||||
- if (ngx_resolver_create_addr_query(rn, ctx) != NGX_OK) {
|
||||
+ if (ngx_resolver_create_addr_query(r, rn, &ctx->addr) != NGX_OK) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
@@ -2511,27 +2511,23 @@
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
-ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
|
||||
+ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
||||
+ ngx_str_t *name)
|
||||
{
|
||||
u_char *p, *s;
|
||||
size_t len, nlen;
|
||||
ngx_uint_t ident;
|
||||
-#if (NGX_HAVE_INET6)
|
||||
- ngx_resolver_t *r;
|
||||
-#endif
|
||||
ngx_resolver_qs_t *qs;
|
||||
ngx_resolver_hdr_t *query;
|
||||
|
||||
- nlen = ctx->name.len ? (1 + ctx->name.len + 1) : 1;
|
||||
+ nlen = name->len ? (1 + name->len + 1) : 1;
|
||||
|
||||
len = sizeof(ngx_resolver_hdr_t) + nlen + sizeof(ngx_resolver_qs_t);
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
- r = ctx->resolver;
|
||||
-
|
||||
- p = ngx_resolver_alloc(ctx->resolver, r->ipv6 ? len * 2 : len);
|
||||
+ p = ngx_resolver_alloc(r, r->ipv6 ? len * 2 : len);
|
||||
#else
|
||||
- p = ngx_resolver_alloc(ctx->resolver, len);
|
||||
+ p = ngx_resolver_alloc(r, len);
|
||||
#endif
|
||||
if (p == NULL) {
|
||||
return NGX_ERROR;
|
||||
@@ -2550,8 +2546,8 @@
|
||||
|
||||
ident = ngx_random();
|
||||
|
||||
- ngx_log_debug2(NGX_LOG_DEBUG_CORE, ctx->resolver->log, 0,
|
||||
- "resolve: \"%V\" A %i", &ctx->name, ident & 0xffff);
|
||||
+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
|
||||
+ "resolve: \"%V\" A %i", name, ident & 0xffff);
|
||||
|
||||
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
|
||||
query->ident_lo = (u_char) (ident & 0xff);
|
||||
@@ -2581,11 +2577,11 @@
|
||||
p--;
|
||||
*p-- = '\0';
|
||||
|
||||
- if (ctx->name.len == 0) {
|
||||
+ if (name->len == 0) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
- for (s = ctx->name.data + ctx->name.len - 1; s >= ctx->name.data; s--) {
|
||||
+ for (s = name->data + name->len - 1; s >= name->data; s--) {
|
||||
if (*s != '.') {
|
||||
*p = *s;
|
||||
len++;
|
||||
@@ -2621,8 +2617,8 @@
|
||||
|
||||
ident = ngx_random();
|
||||
|
||||
- ngx_log_debug2(NGX_LOG_DEBUG_CORE, ctx->resolver->log, 0,
|
||||
- "resolve: \"%V\" AAAA %i", &ctx->name, ident & 0xffff);
|
||||
+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
|
||||
+ "resolve: \"%V\" AAAA %i", name, ident & 0xffff);
|
||||
|
||||
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
|
||||
query->ident_lo = (u_char) (ident & 0xff);
|
||||
@@ -2639,11 +2635,12 @@
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
-ngx_resolver_create_addr_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
|
||||
+ngx_resolver_create_addr_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
||||
+ ngx_addr_t *addr)
|
||||
{
|
||||
u_char *p, *d;
|
||||
size_t len;
|
||||
- in_addr_t addr;
|
||||
+ in_addr_t inaddr;
|
||||
ngx_int_t n;
|
||||
ngx_uint_t ident;
|
||||
ngx_resolver_hdr_t *query;
|
||||
@@ -2652,7 +2649,7 @@
|
||||
struct sockaddr_in6 *sin6;
|
||||
#endif
|
||||
|
||||
- switch (ctx->addr.sockaddr->sa_family) {
|
||||
+ switch (addr->sockaddr->sa_family) {
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
case AF_INET6:
|
||||
@@ -2669,7 +2666,7 @@
|
||||
+ sizeof(ngx_resolver_qs_t);
|
||||
}
|
||||
|
||||
- p = ngx_resolver_alloc(ctx->resolver, len);
|
||||
+ p = ngx_resolver_alloc(r, len);
|
||||
if (p == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
@@ -2693,11 +2690,11 @@
|
||||
|
||||
p += sizeof(ngx_resolver_hdr_t);
|
||||
|
||||
- switch (ctx->addr.sockaddr->sa_family) {
|
||||
+ switch (addr->sockaddr->sa_family) {
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
case AF_INET6:
|
||||
- sin6 = (struct sockaddr_in6 *) ctx->addr.sockaddr;
|
||||
+ sin6 = (struct sockaddr_in6 *) addr->sockaddr;
|
||||
|
||||
for (n = 15; n >= 0; n--) {
|
||||
p = ngx_sprintf(p, "\1%xd\1%xd",
|
||||
@@ -2712,11 +2709,11 @@
|
||||
|
||||
default: /* AF_INET */
|
||||
|
||||
- sin = (struct sockaddr_in *) ctx->addr.sockaddr;
|
||||
- addr = ntohl(sin->sin_addr.s_addr);
|
||||
+ sin = (struct sockaddr_in *) addr->sockaddr;
|
||||
+ inaddr = ntohl(sin->sin_addr.s_addr);
|
||||
|
||||
for (n = 0; n < 32; n += 8) {
|
||||
- d = ngx_sprintf(&p[1], "%ud", (addr >> n) & 0xff);
|
||||
+ d = ngx_sprintf(&p[1], "%ud", (inaddr >> n) & 0xff);
|
||||
*p = (u_char) (d - &p[1]);
|
||||
p = d;
|
||||
}
|
@ -1,80 +0,0 @@
|
||||
exporting patch:
|
||||
# HG changeset patch
|
||||
# User Ruslan Ermilov <ru@nginx.com>
|
||||
# Date 1453815998 -10800
|
||||
# Tue Jan 26 16:46:38 2016 +0300
|
||||
# Branch stable-1.8
|
||||
# Node ID 838946300825379ccdd3acfb131cf66d6ae3cb85
|
||||
# Parent f63dd04c158062d73fcb6aff59124910fa1fae75
|
||||
Resolver: fixed CNAME processing for several requests.
|
||||
|
||||
When several requests were waiting for a response, then after getting
|
||||
a CNAME response only the last request was properly processed, while
|
||||
others were left waiting.
|
||||
|
||||
diff -r f63dd04c1580 -r 838946300825 src/core/ngx_resolver.c
|
||||
--- a/src/core/ngx_resolver.c Tue Jan 26 16:46:31 2016 +0300
|
||||
+++ b/src/core/ngx_resolver.c Tue Jan 26 16:46:38 2016 +0300
|
||||
@@ -473,7 +473,7 @@
|
||||
ngx_int_t rc;
|
||||
ngx_uint_t naddrs;
|
||||
ngx_addr_t *addrs;
|
||||
- ngx_resolver_ctx_t *next;
|
||||
+ ngx_resolver_ctx_t *next, *last;
|
||||
ngx_resolver_node_t *rn;
|
||||
|
||||
ngx_strlow(ctx->name.data, ctx->name.data, ctx->name.len);
|
||||
@@ -484,6 +484,9 @@
|
||||
|
||||
if (rn) {
|
||||
|
||||
+ /* ctx can be a list after NGX_RESOLVE_CNAME */
|
||||
+ for (last = ctx; last->next; last = last->next);
|
||||
+
|
||||
if (rn->valid >= ngx_time()) {
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_CORE, r->log, 0, "resolve cached");
|
||||
@@ -511,7 +514,7 @@
|
||||
}
|
||||
}
|
||||
|
||||
- ctx->next = rn->waiting;
|
||||
+ last->next = rn->waiting;
|
||||
rn->waiting = NULL;
|
||||
|
||||
/* unlock name mutex */
|
||||
@@ -557,7 +560,7 @@
|
||||
return ngx_resolve_name_locked(r, ctx);
|
||||
}
|
||||
|
||||
- ctx->next = rn->waiting;
|
||||
+ last->next = rn->waiting;
|
||||
rn->waiting = NULL;
|
||||
|
||||
/* unlock name mutex */
|
||||
@@ -590,7 +593,7 @@
|
||||
ngx_add_timer(ctx->event, ctx->timeout);
|
||||
}
|
||||
|
||||
- ctx->next = rn->waiting;
|
||||
+ last->next = rn->waiting;
|
||||
rn->waiting = ctx;
|
||||
ctx->state = NGX_AGAIN;
|
||||
|
||||
@@ -661,8 +664,14 @@
|
||||
ngx_resolver_free(r, rn->name);
|
||||
ngx_resolver_free(r, rn);
|
||||
|
||||
- ctx->state = NGX_RESOLVE_NXDOMAIN;
|
||||
- ctx->handler(ctx);
|
||||
+ do {
|
||||
+ ctx->state = NGX_RESOLVE_NXDOMAIN;
|
||||
+ next = ctx->next;
|
||||
+
|
||||
+ ctx->handler(ctx);
|
||||
+
|
||||
+ ctx = next;
|
||||
+ } while (ctx);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
@ -1,134 +0,0 @@
|
||||
exporting patch:
|
||||
# HG changeset patch
|
||||
# User Ruslan Ermilov <ru@nginx.com>
|
||||
# Date 1453815991 -10800
|
||||
# Tue Jan 26 16:46:31 2016 +0300
|
||||
# Branch stable-1.8
|
||||
# Node ID f63dd04c158062d73fcb6aff59124910fa1fae75
|
||||
# Parent c36482d0a79fe0f2e1467f80ec2fbcd0a2d682c6
|
||||
Resolver: fixed crashes in timeout handler.
|
||||
|
||||
If one or more requests were waiting for a response, then after
|
||||
getting a CNAME response, the timeout event on the first request
|
||||
remained active, pointing to the wrong node with an empty
|
||||
rn->waiting list, and that could cause either null pointer
|
||||
dereference or use-after-free memory access if this timeout
|
||||
expired.
|
||||
|
||||
If several requests were waiting for a response, and the first
|
||||
request terminated (e.g., due to client closing a connection),
|
||||
other requests were left without a timeout and could potentially
|
||||
wait indefinitely.
|
||||
|
||||
This is fixed by introducing per-request independent timeouts.
|
||||
This change also reverts 954867a2f0a6 and 5004210e8c78.
|
||||
|
||||
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
|
||||
index fe0ce50..7aa88a6 100644
|
||||
--- a/src/core/ngx_resolver.c
|
||||
+++ b/src/core/ngx_resolver.c
|
||||
@@ -417,7 +417,7 @@ ngx_resolve_name_done(ngx_resolver_ctx_t *ctx)
|
||||
|
||||
/* lock name mutex */
|
||||
|
||||
- if (ctx->state == NGX_AGAIN) {
|
||||
+ if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) {
|
||||
|
||||
hash = ngx_crc32_short(ctx->name.data, ctx->name.len);
|
||||
|
||||
@@ -571,6 +571,20 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
|
||||
|
||||
if (rn->waiting) {
|
||||
|
||||
+ if (ctx->event == NULL) {
|
||||
+ ctx->event = ngx_resolver_calloc(r, sizeof(ngx_event_t));
|
||||
+ if (ctx->event == NULL) {
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
+
|
||||
+ ctx->event->handler = ngx_resolver_timeout_handler;
|
||||
+ ctx->event->data = ctx;
|
||||
+ ctx->event->log = r->log;
|
||||
+ ctx->ident = -1;
|
||||
+
|
||||
+ ngx_add_timer(ctx->event, ctx->timeout);
|
||||
+ }
|
||||
+
|
||||
ctx->next = rn->waiting;
|
||||
rn->waiting = ctx;
|
||||
ctx->state = NGX_AGAIN;
|
||||
@@ -664,7 +678,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
|
||||
}
|
||||
|
||||
ctx->event->handler = ngx_resolver_timeout_handler;
|
||||
- ctx->event->data = rn;
|
||||
+ ctx->event->data = ctx;
|
||||
ctx->event->log = r->log;
|
||||
ctx->ident = -1;
|
||||
|
||||
@@ -794,6 +808,18 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx)
|
||||
|
||||
if (rn->waiting) {
|
||||
|
||||
+ ctx->event = ngx_resolver_calloc(r, sizeof(ngx_event_t));
|
||||
+ if (ctx->event == NULL) {
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
+
|
||||
+ ctx->event->handler = ngx_resolver_timeout_handler;
|
||||
+ ctx->event->data = ctx;
|
||||
+ ctx->event->log = r->log;
|
||||
+ ctx->ident = -1;
|
||||
+
|
||||
+ ngx_add_timer(ctx->event, ctx->timeout);
|
||||
+
|
||||
ctx->next = rn->waiting;
|
||||
rn->waiting = ctx;
|
||||
ctx->state = NGX_AGAIN;
|
||||
@@ -857,7 +883,7 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx)
|
||||
}
|
||||
|
||||
ctx->event->handler = ngx_resolver_timeout_handler;
|
||||
- ctx->event->data = rn;
|
||||
+ ctx->event->data = ctx;
|
||||
ctx->event->log = r->log;
|
||||
ctx->ident = -1;
|
||||
|
||||
@@ -949,7 +975,7 @@ ngx_resolve_addr_done(ngx_resolver_ctx_t *ctx)
|
||||
|
||||
/* lock addr mutex */
|
||||
|
||||
- if (ctx->state == NGX_AGAIN) {
|
||||
+ if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) {
|
||||
|
||||
switch (ctx->addr.sockaddr->sa_family) {
|
||||
|
||||
@@ -2791,21 +2817,13 @@ done:
|
||||
static void
|
||||
ngx_resolver_timeout_handler(ngx_event_t *ev)
|
||||
{
|
||||
- ngx_resolver_ctx_t *ctx, *next;
|
||||
- ngx_resolver_node_t *rn;
|
||||
+ ngx_resolver_ctx_t *ctx;
|
||||
|
||||
- rn = ev->data;
|
||||
- ctx = rn->waiting;
|
||||
- rn->waiting = NULL;
|
||||
+ ctx = ev->data;
|
||||
|
||||
- do {
|
||||
- ctx->state = NGX_RESOLVE_TIMEDOUT;
|
||||
- next = ctx->next;
|
||||
-
|
||||
- ctx->handler(ctx);
|
||||
+ ctx->state = NGX_RESOLVE_TIMEDOUT;
|
||||
|
||||
- ctx = next;
|
||||
- } while (ctx);
|
||||
+ ctx->handler(ctx);
|
||||
}
|
||||
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
@ -1,22 +0,0 @@
|
||||
exporting patch:
|
||||
# HG changeset patch
|
||||
# User Roman Arutyunyan <arut@nginx.com>
|
||||
# Date 1453815978 -10800
|
||||
# Tue Jan 26 16:46:18 2016 +0300
|
||||
# Branch stable-1.8
|
||||
# Node ID c36482d0a79fe0f2e1467f80ec2fbcd0a2d682c6
|
||||
# Parent e9a4531a2a5dabb9bee93cb8b41f24b8aeeba504
|
||||
Resolver: fixed possible segmentation fault on DNS format error.
|
||||
|
||||
diff -r e9a4531a2a5d -r c36482d0a79f src/core/ngx_resolver.c
|
||||
--- a/src/core/ngx_resolver.c Mon Jan 25 21:58:21 2016 +0300
|
||||
+++ b/src/core/ngx_resolver.c Tue Jan 26 16:46:18 2016 +0300
|
||||
@@ -1292,7 +1292,7 @@
|
||||
times = 0;
|
||||
|
||||
for (q = ngx_queue_head(&r->name_resend_queue);
|
||||
- q != ngx_queue_sentinel(&r->name_resend_queue) || times++ < 100;
|
||||
+ q != ngx_queue_sentinel(&r->name_resend_queue) && times++ < 100;
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
rn = ngx_queue_data(q, ngx_resolver_node_t, queue);
|
@ -1,252 +0,0 @@
|
||||
exporting patch:
|
||||
# HG changeset patch
|
||||
# User Roman Arutyunyan <arut@nginx.com>
|
||||
# Date 1453816019 -10800
|
||||
# Tue Jan 26 16:46:59 2016 +0300
|
||||
# Branch stable-1.8
|
||||
# Node ID dac6eda40475f08b7372159d78dad1e13cd5bc7f
|
||||
# Parent 5557bf31e25da68d5cda19dbc91d86f47430df1f
|
||||
Resolver: fixed use-after-free memory accesses with CNAME.
|
||||
|
||||
When several requests were waiting for a response, then after getting
|
||||
a CNAME response only the last request's context had the name updated.
|
||||
Contexts of other requests had the wrong name. This name was used by
|
||||
ngx_resolve_name_done() to find the node to remove the request context
|
||||
from. When the name was wrong, the request could not be properly
|
||||
cancelled, its context was freed but stayed linked to the node's waiting
|
||||
list. This happened e.g. when the first request was aborted or timed
|
||||
out before the resolving completed. When it completed, this triggered
|
||||
a use-after-free memory access by calling ctx->handler of already freed
|
||||
request context. The bug manifests itself by
|
||||
"could not cancel <name> resolving" alerts in error_log.
|
||||
|
||||
When a request was responded with a CNAME, the request context kept
|
||||
the pointer to the original node's rn->u.cname. If the original node
|
||||
expired before the resolving timed out or completed with an error,
|
||||
this would trigger a use-after-free memory access via ctx->name in
|
||||
ctx->handler().
|
||||
|
||||
The fix is to keep ctx->name unmodified. The name from context
|
||||
is no longer used by ngx_resolve_name_done(). Instead, we now keep
|
||||
the pointer to resolver node to which this request is linked.
|
||||
Keeping the original name intact also improves logging.
|
||||
|
||||
diff -r 5557bf31e25d -r dac6eda40475 src/core/ngx_resolver.c
|
||||
--- a/src/core/ngx_resolver.c Tue Jan 26 16:46:48 2016 +0300
|
||||
+++ b/src/core/ngx_resolver.c Tue Jan 26 16:46:59 2016 +0300
|
||||
@@ -59,7 +59,7 @@
|
||||
static void ngx_resolver_cleanup(void *data);
|
||||
static void ngx_resolver_cleanup_tree(ngx_resolver_t *r, ngx_rbtree_t *tree);
|
||||
static ngx_int_t ngx_resolve_name_locked(ngx_resolver_t *r,
|
||||
- ngx_resolver_ctx_t *ctx);
|
||||
+ ngx_resolver_ctx_t *ctx, ngx_str_t *name);
|
||||
static void ngx_resolver_expire(ngx_resolver_t *r, ngx_rbtree_t *tree,
|
||||
ngx_queue_t *queue);
|
||||
static ngx_int_t ngx_resolver_send_query(ngx_resolver_t *r,
|
||||
@@ -375,7 +375,7 @@
|
||||
|
||||
/* lock name mutex */
|
||||
|
||||
- rc = ngx_resolve_name_locked(r, ctx);
|
||||
+ rc = ngx_resolve_name_locked(r, ctx, &ctx->name);
|
||||
|
||||
if (rc == NGX_OK) {
|
||||
return NGX_OK;
|
||||
@@ -402,7 +402,6 @@
|
||||
void
|
||||
ngx_resolve_name_done(ngx_resolver_ctx_t *ctx)
|
||||
{
|
||||
- uint32_t hash;
|
||||
ngx_resolver_t *r;
|
||||
ngx_resolver_ctx_t *w, **p;
|
||||
ngx_resolver_node_t *rn;
|
||||
@@ -424,9 +423,7 @@
|
||||
|
||||
if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) {
|
||||
|
||||
- hash = ngx_crc32_short(ctx->name.data, ctx->name.len);
|
||||
-
|
||||
- rn = ngx_resolver_lookup_name(r, &ctx->name, hash);
|
||||
+ rn = ctx->node;
|
||||
|
||||
if (rn) {
|
||||
p = &rn->waiting;
|
||||
@@ -467,20 +464,22 @@
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
-ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
|
||||
+ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx,
|
||||
+ ngx_str_t *name)
|
||||
{
|
||||
uint32_t hash;
|
||||
ngx_int_t rc;
|
||||
+ ngx_str_t cname;
|
||||
ngx_uint_t naddrs;
|
||||
ngx_addr_t *addrs;
|
||||
ngx_resolver_ctx_t *next, *last;
|
||||
ngx_resolver_node_t *rn;
|
||||
|
||||
- ngx_strlow(ctx->name.data, ctx->name.data, ctx->name.len);
|
||||
-
|
||||
- hash = ngx_crc32_short(ctx->name.data, ctx->name.len);
|
||||
-
|
||||
- rn = ngx_resolver_lookup_name(r, &ctx->name, hash);
|
||||
+ ngx_strlow(name->data, name->data, name->len);
|
||||
+
|
||||
+ hash = ngx_crc32_short(name->data, name->len);
|
||||
+
|
||||
+ rn = ngx_resolver_lookup_name(r, name, hash);
|
||||
|
||||
if (rn) {
|
||||
|
||||
@@ -554,10 +553,10 @@
|
||||
|
||||
if (ctx->recursion++ < NGX_RESOLVER_MAX_RECURSION) {
|
||||
|
||||
- ctx->name.len = rn->cnlen;
|
||||
- ctx->name.data = rn->u.cname;
|
||||
-
|
||||
- return ngx_resolve_name_locked(r, ctx);
|
||||
+ cname.len = rn->cnlen;
|
||||
+ cname.data = rn->u.cname;
|
||||
+
|
||||
+ return ngx_resolve_name_locked(r, ctx, &cname);
|
||||
}
|
||||
|
||||
last->next = rn->waiting;
|
||||
@@ -597,6 +596,11 @@
|
||||
rn->waiting = ctx;
|
||||
ctx->state = NGX_AGAIN;
|
||||
|
||||
+ do {
|
||||
+ ctx->node = rn;
|
||||
+ ctx = ctx->next;
|
||||
+ } while (ctx);
|
||||
+
|
||||
return NGX_AGAIN;
|
||||
}
|
||||
|
||||
@@ -635,14 +639,14 @@
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
- rn->name = ngx_resolver_dup(r, ctx->name.data, ctx->name.len);
|
||||
+ rn->name = ngx_resolver_dup(r, name->data, name->len);
|
||||
if (rn->name == NULL) {
|
||||
ngx_resolver_free(r, rn);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
rn->node.key = hash;
|
||||
- rn->nlen = (u_short) ctx->name.len;
|
||||
+ rn->nlen = (u_short) name->len;
|
||||
rn->query = NULL;
|
||||
#if (NGX_HAVE_INET6)
|
||||
rn->query6 = NULL;
|
||||
@@ -651,7 +655,7 @@
|
||||
ngx_rbtree_insert(&r->name_rbtree, &rn->node);
|
||||
}
|
||||
|
||||
- rc = ngx_resolver_create_name_query(r, rn, &ctx->name);
|
||||
+ rc = ngx_resolver_create_name_query(r, rn, name);
|
||||
|
||||
if (rc == NGX_ERROR) {
|
||||
goto failed;
|
||||
@@ -715,6 +719,11 @@
|
||||
|
||||
ctx->state = NGX_AGAIN;
|
||||
|
||||
+ do {
|
||||
+ ctx->node = rn;
|
||||
+ ctx = ctx->next;
|
||||
+ } while (ctx);
|
||||
+
|
||||
return NGX_AGAIN;
|
||||
|
||||
failed:
|
||||
@@ -837,6 +846,7 @@
|
||||
ctx->next = rn->waiting;
|
||||
rn->waiting = ctx;
|
||||
ctx->state = NGX_AGAIN;
|
||||
+ ctx->node = rn;
|
||||
|
||||
/* unlock addr mutex */
|
||||
|
||||
@@ -922,6 +932,7 @@
|
||||
/* unlock addr mutex */
|
||||
|
||||
ctx->state = NGX_AGAIN;
|
||||
+ ctx->node = rn;
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
@@ -952,17 +963,11 @@
|
||||
void
|
||||
ngx_resolve_addr_done(ngx_resolver_ctx_t *ctx)
|
||||
{
|
||||
- in_addr_t addr;
|
||||
ngx_queue_t *expire_queue;
|
||||
ngx_rbtree_t *tree;
|
||||
ngx_resolver_t *r;
|
||||
ngx_resolver_ctx_t *w, **p;
|
||||
- struct sockaddr_in *sin;
|
||||
ngx_resolver_node_t *rn;
|
||||
-#if (NGX_HAVE_INET6)
|
||||
- uint32_t hash;
|
||||
- struct sockaddr_in6 *sin6;
|
||||
-#endif
|
||||
|
||||
r = ctx->resolver;
|
||||
|
||||
@@ -991,21 +996,7 @@
|
||||
|
||||
if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) {
|
||||
|
||||
- switch (ctx->addr.sockaddr->sa_family) {
|
||||
-
|
||||
-#if (NGX_HAVE_INET6)
|
||||
- case AF_INET6:
|
||||
- sin6 = (struct sockaddr_in6 *) ctx->addr.sockaddr;
|
||||
- hash = ngx_crc32_short(sin6->sin6_addr.s6_addr, 16);
|
||||
- rn = ngx_resolver_lookup_addr6(r, &sin6->sin6_addr, hash);
|
||||
- break;
|
||||
-#endif
|
||||
-
|
||||
- default: /* AF_INET */
|
||||
- sin = (struct sockaddr_in *) ctx->addr.sockaddr;
|
||||
- addr = ntohl(sin->sin_addr.s_addr);
|
||||
- rn = ngx_resolver_lookup_addr(r, addr);
|
||||
- }
|
||||
+ rn = ctx->node;
|
||||
|
||||
if (rn) {
|
||||
p = &rn->waiting;
|
||||
@@ -1994,9 +1985,12 @@
|
||||
rn->waiting = NULL;
|
||||
|
||||
if (ctx) {
|
||||
- ctx->name = name;
|
||||
-
|
||||
- (void) ngx_resolve_name_locked(r, ctx);
|
||||
+
|
||||
+ for (next = ctx; next; next = next->next) {
|
||||
+ next->node = NULL;
|
||||
+ }
|
||||
+
|
||||
+ (void) ngx_resolve_name_locked(r, ctx, &name);
|
||||
}
|
||||
|
||||
ngx_resolver_free(r, rn->query);
|
||||
diff -r 5557bf31e25d -r dac6eda40475 src/core/ngx_resolver.h
|
||||
--- a/src/core/ngx_resolver.h Tue Jan 26 16:46:48 2016 +0300
|
||||
+++ b/src/core/ngx_resolver.h Tue Jan 26 16:46:59 2016 +0300
|
||||
@@ -161,6 +161,8 @@
|
||||
ngx_uint_t quick; /* unsigned quick:1; */
|
||||
ngx_uint_t recursion;
|
||||
ngx_event_t *event;
|
||||
+
|
||||
+ ngx_resolver_node_t *node;
|
||||
};
|
||||
|
||||
|
@ -1,68 +0,0 @@
|
||||
exporting patch:
|
||||
# HG changeset patch
|
||||
# User Ruslan Ermilov <ru@nginx.com>
|
||||
# Date 1453816034 -10800
|
||||
# Tue Jan 26 16:47:14 2016 +0300
|
||||
# Branch stable-1.8
|
||||
# Node ID 93d70d87914c350948ab701cc99569680320e198
|
||||
# Parent dac6eda40475f08b7372159d78dad1e13cd5bc7f
|
||||
Resolver: limited CNAME recursion.
|
||||
|
||||
Previously, the recursion was only limited for cached responses.
|
||||
|
||||
diff -r dac6eda40475 -r 93d70d87914c src/core/ngx_resolver.c
|
||||
--- a/src/core/ngx_resolver.c Tue Jan 26 16:46:59 2016 +0300
|
||||
+++ b/src/core/ngx_resolver.c Tue Jan 26 16:47:14 2016 +0300
|
||||
@@ -1981,24 +1981,40 @@
|
||||
|
||||
ngx_queue_insert_head(&r->name_expire_queue, &rn->queue);
|
||||
|
||||
- ctx = rn->waiting;
|
||||
- rn->waiting = NULL;
|
||||
-
|
||||
- if (ctx) {
|
||||
-
|
||||
- for (next = ctx; next; next = next->next) {
|
||||
- next->node = NULL;
|
||||
- }
|
||||
-
|
||||
- (void) ngx_resolve_name_locked(r, ctx, &name);
|
||||
- }
|
||||
-
|
||||
ngx_resolver_free(r, rn->query);
|
||||
rn->query = NULL;
|
||||
#if (NGX_HAVE_INET6)
|
||||
rn->query6 = NULL;
|
||||
#endif
|
||||
|
||||
+ ctx = rn->waiting;
|
||||
+ rn->waiting = NULL;
|
||||
+
|
||||
+ if (ctx) {
|
||||
+
|
||||
+ if (ctx->recursion++ >= NGX_RESOLVER_MAX_RECURSION) {
|
||||
+
|
||||
+ /* unlock name mutex */
|
||||
+
|
||||
+ do {
|
||||
+ ctx->state = NGX_RESOLVE_NXDOMAIN;
|
||||
+ next = ctx->next;
|
||||
+
|
||||
+ ctx->handler(ctx);
|
||||
+
|
||||
+ ctx = next;
|
||||
+ } while (ctx);
|
||||
+
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ for (next = ctx; next; next = next->next) {
|
||||
+ next->node = NULL;
|
||||
+ }
|
||||
+
|
||||
+ (void) ngx_resolve_name_locked(r, ctx, &name);
|
||||
+ }
|
||||
+
|
||||
/* unlock name mutex */
|
||||
|
||||
return;
|
@ -1,15 +0,0 @@
|
||||
--- src/os/unix/ngx_files.c
|
||||
+++ src/os/unix/ngx_files.c
|
||||
@@ -183,6 +183,12 @@ ngx_write_chain_to_file(ngx_file_t *file
|
||||
/* create the iovec and coalesce the neighbouring bufs */
|
||||
|
||||
while (cl && vec.nelts < IOV_MAX) {
|
||||
+
|
||||
+ if (ngx_buf_special(cl->buf)) {
|
||||
+ cl = cl->next;
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
if (prev == cl->buf->pos) {
|
||||
iov->iov_len += cl->buf->last - cl->buf->pos;
|
||||
|
35
nginx.conf
35
nginx.conf
@ -7,6 +7,9 @@ worker_processes auto;
|
||||
error_log /var/log/nginx/error.log;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
# Load dynamic modules. See /usr/share/nginx/README.fedora.
|
||||
include /usr/share/nginx/modules/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
@ -52,4 +55,36 @@ http {
|
||||
location = /50x.html {
|
||||
}
|
||||
}
|
||||
|
||||
# Settings for a TLS enabled server.
|
||||
#
|
||||
# server {
|
||||
# listen 443 ssl;
|
||||
# listen [::]:443 ssl;
|
||||
# server_name _;
|
||||
# root /usr/share/nginx/html;
|
||||
#
|
||||
# ssl_certificate "/etc/pki/nginx/server.crt";
|
||||
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
|
||||
# ssl_session_cache shared:SSL:1m;
|
||||
# ssl_session_timeout 10m;
|
||||
# ssl_ciphers PROFILE=SYSTEM;
|
||||
# ssl_prefer_server_ciphers on;
|
||||
#
|
||||
# # Load configuration files for the default server block.
|
||||
# include /etc/nginx/default.d/*.conf;
|
||||
#
|
||||
# location / {
|
||||
# }
|
||||
#
|
||||
# error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
# }
|
||||
#
|
||||
# error_page 500 502 503 504 /50x.html;
|
||||
# location = /50x.html {
|
||||
# }
|
||||
# }
|
||||
|
||||
}
|
||||
|
||||
|
@ -12,9 +12,9 @@ ExecStartPre=/usr/bin/rm -f /run/nginx.pid
|
||||
ExecStartPre=/usr/sbin/nginx -t
|
||||
ExecStart=/usr/sbin/nginx
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
KillMode=process
|
||||
KillSignal=SIGQUIT
|
||||
TimeoutStopSec=5
|
||||
KillMode=mixed
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
|
435
nginx.spec
435
nginx.spec
@ -1,27 +1,21 @@
|
||||
%global _hardened_build 1
|
||||
%global nginx_user nginx
|
||||
%global nginx_group %{nginx_user}
|
||||
%global nginx_home %{_localstatedir}/lib/nginx
|
||||
%global nginx_home_tmp %{nginx_home}/tmp
|
||||
%global nginx_confdir %{_sysconfdir}/nginx
|
||||
%global nginx_datadir %{_datadir}/nginx
|
||||
%global nginx_logdir %{_localstatedir}/log/nginx
|
||||
%global nginx_webroot %{nginx_datadir}/html
|
||||
|
||||
# gperftools exist only on selected arches
|
||||
%ifarch %{ix86} x86_64 ppc ppc64 %{arm}
|
||||
%global with_gperftools 1
|
||||
%ifnarch s390 s390x
|
||||
%global with_gperftools 1
|
||||
%endif
|
||||
|
||||
# AIO missing on some arches
|
||||
%ifnarch aarch64
|
||||
%global with_aio 1
|
||||
%global with_aio 1
|
||||
|
||||
%if 0%{?fedora} > 22
|
||||
%global with_mailcap_mimetypes 1
|
||||
%endif
|
||||
|
||||
Name: nginx
|
||||
Epoch: 1
|
||||
Version: 1.6.3
|
||||
Release: 9%{?dist}
|
||||
Version: 1.10.1
|
||||
Release: 1%{?dist}
|
||||
|
||||
Summary: A high performance web server and reverse proxy server
|
||||
Group: System Environment/Daemons
|
||||
@ -42,42 +36,33 @@ Source101: poweredby.png
|
||||
Source102: nginx-logo.png
|
||||
Source103: 404.html
|
||||
Source104: 50x.html
|
||||
Source200: README.fedora
|
||||
Source210: UPGRADE-NOTES-1.6-to-1.10
|
||||
|
||||
# removes -Werror in upstream build scripts. -Werror conflicts with
|
||||
# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
|
||||
Patch0: nginx-auto-cc-gcc.patch
|
||||
# CVE-2016-4450
|
||||
Patch1: nginx-1.8.1-null-pointer-deref.patch
|
||||
|
||||
# Patches taken from 1.8.1 release. Only the second patch in this series
|
||||
# failed to apply and had to be modified.
|
||||
Patch10: nginx-1.6.3-Resolver-fix-possible-segmentation-fault.patch
|
||||
Patch11: nginx-1.6.3-Resolver-fix-crashes-in-timeout-handler.patch
|
||||
Patch12: nginx-1.6.3-Resolver-fix-CNAME-processing.patch
|
||||
Patch13: nginx-1.6.3-Resolver-change-ngx_resolver_create-arguments.patch
|
||||
Patch14: nginx-1.6.3-Resolver-fix-use-after-free-with-CNAME.patch
|
||||
Patch15: nginx-1.6.3-Resolver-limit-CNAME-recursion.patch
|
||||
|
||||
|
||||
BuildRequires: GeoIP-devel
|
||||
BuildRequires: gd-devel
|
||||
%if 0%{?with_gperftools}
|
||||
BuildRequires: gperftools-devel
|
||||
%endif
|
||||
BuildRequires: libxslt-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pcre-devel
|
||||
BuildRequires: perl-devel
|
||||
BuildRequires: perl(ExtUtils::Embed)
|
||||
BuildRequires: zlib-devel
|
||||
|
||||
Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
|
||||
Requires: GeoIP
|
||||
Requires: gd
|
||||
|
||||
%if 0%{?rhel} || 0%{?fedora} < 24
|
||||
# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
|
||||
Requires: nginx-all-modules = %{epoch}:%{version}-%{release}
|
||||
%endif
|
||||
|
||||
Requires: openssl
|
||||
Requires: pcre
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
Requires(pre): nginx-filesystem
|
||||
%if 0%{?with_mailcap_mimetypes}
|
||||
Requires: nginx-mimetypes
|
||||
%endif
|
||||
Provides: webserver
|
||||
|
||||
BuildRequires: systemd
|
||||
@ -90,6 +75,29 @@ Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
|
||||
IMAP protocols, with a strong focus on high concurrency, performance and low
|
||||
memory usage.
|
||||
|
||||
%package all-modules
|
||||
Group: System Environment/Daemons
|
||||
Summary: A meta package that installs all available Nginx modules
|
||||
BuildArch: noarch
|
||||
|
||||
Requires: nginx-mod-http-geoip = %{epoch}:%{version}-%{release}
|
||||
Requires: nginx-mod-http-image-filter = %{epoch}:%{version}-%{release}
|
||||
Requires: nginx-mod-http-perl = %{epoch}:%{version}-%{release}
|
||||
Requires: nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release}
|
||||
Requires: nginx-mod-mail = %{epoch}:%{version}-%{release}
|
||||
Requires: nginx-mod-stream = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description all-modules
|
||||
%{summary}.
|
||||
%if 0%{?rhel}
|
||||
The main nginx package depends on this to ease the upgrade path. After a grace
|
||||
period of several months, modules will become optional.
|
||||
%endif
|
||||
%if 0%{?fedora} && 0%{?fedora} < 24
|
||||
The main nginx package depends on this to ease the upgrade path. Starting from
|
||||
Fedora 24, modules are optional.
|
||||
%endif
|
||||
|
||||
%package filesystem
|
||||
Group: System Environment/Daemons
|
||||
Summary: The basic directory layout for the Nginx server
|
||||
@ -101,17 +109,78 @@ The nginx-filesystem package contains the basic directory layout
|
||||
for the Nginx server including the correct permissions for the
|
||||
directories.
|
||||
|
||||
%package mod-http-geoip
|
||||
Group: System Environment/Daemons
|
||||
Summary: Nginx HTTP geoip module
|
||||
BuildRequires: GeoIP-devel
|
||||
Requires: nginx
|
||||
Requires: GeoIP
|
||||
|
||||
%description mod-http-geoip
|
||||
%{summary}.
|
||||
|
||||
%package mod-http-image-filter
|
||||
Group: System Environment/Daemons
|
||||
Summary: Nginx HTTP image filter module
|
||||
BuildRequires: gd-devel
|
||||
Requires: nginx
|
||||
Requires: gd
|
||||
|
||||
%description mod-http-image-filter
|
||||
%{summary}.
|
||||
|
||||
%package mod-http-perl
|
||||
Group: System Environment/Daemons
|
||||
Summary: Nginx HTTP perl module
|
||||
BuildRequires: perl-devel
|
||||
%if 0%{?fedora} >= 24
|
||||
BuildRequires: perl-generators
|
||||
%endif
|
||||
BuildRequires: perl(ExtUtils::Embed)
|
||||
Requires: nginx
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
|
||||
%description mod-http-perl
|
||||
%{summary}.
|
||||
|
||||
%package mod-http-xslt-filter
|
||||
Group: System Environment/Daemons
|
||||
Summary: Nginx XSLT module
|
||||
BuildRequires: libxslt-devel
|
||||
Requires: nginx
|
||||
|
||||
%description mod-http-xslt-filter
|
||||
%{summary}.
|
||||
|
||||
%package mod-mail
|
||||
Group: System Environment/Daemons
|
||||
Summary: Nginx mail modules
|
||||
Requires: nginx
|
||||
|
||||
%description mod-mail
|
||||
%{summary}.
|
||||
|
||||
%package mod-stream
|
||||
Group: System Environment/Daemons
|
||||
Summary: Nginx stream modules
|
||||
Requires: nginx
|
||||
|
||||
%description mod-stream
|
||||
%{summary}.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p0
|
||||
%patch1 -p0
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
cp %{SOURCE200} .
|
||||
%if 0%{?rhel} == 7
|
||||
cp %{SOURCE210} .
|
||||
%endif
|
||||
|
||||
%if 0%{?rhel} < 8
|
||||
sed -i -e 's#KillMode=.*#KillMode=process#g' %{SOURCE10}
|
||||
sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' %{SOURCE12}
|
||||
%endif
|
||||
|
||||
|
||||
%build
|
||||
@ -121,31 +190,32 @@ directories.
|
||||
# variable.
|
||||
export DESTDIR=%{buildroot}
|
||||
./configure \
|
||||
--prefix=%{nginx_datadir} \
|
||||
--prefix=%{_datadir}/nginx \
|
||||
--sbin-path=%{_sbindir}/nginx \
|
||||
--conf-path=%{nginx_confdir}/nginx.conf \
|
||||
--error-log-path=%{nginx_logdir}/error.log \
|
||||
--http-log-path=%{nginx_logdir}/access.log \
|
||||
--http-client-body-temp-path=%{nginx_home_tmp}/client_body \
|
||||
--http-proxy-temp-path=%{nginx_home_tmp}/proxy \
|
||||
--http-fastcgi-temp-path=%{nginx_home_tmp}/fastcgi \
|
||||
--http-uwsgi-temp-path=%{nginx_home_tmp}/uwsgi \
|
||||
--http-scgi-temp-path=%{nginx_home_tmp}/scgi \
|
||||
--modules-path=%{_libdir}/nginx/modules \
|
||||
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
|
||||
--error-log-path=%{_localstatedir}/log/nginx/error.log \
|
||||
--http-log-path=%{_localstatedir}/log/nginx/access.log \
|
||||
--http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \
|
||||
--http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \
|
||||
--http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \
|
||||
--http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \
|
||||
--http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \
|
||||
--pid-path=/run/nginx.pid \
|
||||
--lock-path=/run/lock/subsys/nginx \
|
||||
--user=%{nginx_user} \
|
||||
--group=%{nginx_group} \
|
||||
--group=%{nginx_user} \
|
||||
%if 0%{?with_aio}
|
||||
--with-file-aio \
|
||||
%endif
|
||||
--with-ipv6 \
|
||||
--with-http_ssl_module \
|
||||
--with-http_spdy_module \
|
||||
--with-http_v2_module \
|
||||
--with-http_realip_module \
|
||||
--with-http_addition_module \
|
||||
--with-http_xslt_module \
|
||||
--with-http_image_filter_module \
|
||||
--with-http_geoip_module \
|
||||
--with-http_xslt_module=dynamic \
|
||||
--with-http_image_filter_module=dynamic \
|
||||
--with-http_geoip_module=dynamic \
|
||||
--with-http_sub_module \
|
||||
--with-http_dav_module \
|
||||
--with-http_flv_module \
|
||||
@ -155,12 +225,15 @@ export DESTDIR=%{buildroot}
|
||||
--with-http_random_index_module \
|
||||
--with-http_secure_link_module \
|
||||
--with-http_degradation_module \
|
||||
--with-http_slice_module \
|
||||
--with-http_stub_status_module \
|
||||
--with-http_perl_module \
|
||||
--with-mail \
|
||||
--with-http_perl_module=dynamic \
|
||||
--with-mail=dynamic \
|
||||
--with-mail_ssl_module \
|
||||
--with-pcre \
|
||||
--with-pcre-jit \
|
||||
--with-stream=dynamic \
|
||||
--with-stream_ssl_module \
|
||||
%if 0%{?with_gperftools}
|
||||
--with-google_perftools_module \
|
||||
%endif
|
||||
@ -178,27 +251,35 @@ find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
|
||||
find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
|
||||
find %{buildroot} -type f -empty -exec rm -f '{}' \;
|
||||
find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;
|
||||
|
||||
install -p -D -m 0644 %{SOURCE10} \
|
||||
%{buildroot}%{_unitdir}/nginx.service
|
||||
|
||||
install -p -D -m 0644 %{SOURCE11} \
|
||||
%{buildroot}%{_sysconfdir}/logrotate.d/nginx
|
||||
|
||||
install -p -d -m 0755 %{buildroot}%{nginx_confdir}/conf.d
|
||||
install -p -d -m 0755 %{buildroot}%{nginx_confdir}/default.d
|
||||
install -p -d -m 0700 %{buildroot}%{nginx_home}
|
||||
install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}
|
||||
install -p -d -m 0700 %{buildroot}%{nginx_logdir}
|
||||
install -p -d -m 0755 %{buildroot}%{nginx_webroot}
|
||||
install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d
|
||||
install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d
|
||||
|
||||
install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx
|
||||
install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
|
||||
install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
|
||||
|
||||
install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
|
||||
install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules
|
||||
install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
|
||||
|
||||
install -p -m 0644 %{SOURCE12} \
|
||||
%{buildroot}%{nginx_confdir}
|
||||
%{buildroot}%{_sysconfdir}/nginx
|
||||
install -p -m 0644 %{SOURCE100} \
|
||||
%{buildroot}%{nginx_webroot}
|
||||
%{buildroot}%{_datadir}/nginx/html
|
||||
install -p -m 0644 %{SOURCE101} %{SOURCE102} \
|
||||
%{buildroot}%{nginx_webroot}
|
||||
%{buildroot}%{_datadir}/nginx/html
|
||||
install -p -m 0644 %{SOURCE103} %{SOURCE104} \
|
||||
%{buildroot}%{nginx_webroot}
|
||||
%{buildroot}%{_datadir}/nginx/html
|
||||
|
||||
%if 0%{?with_mailcap_mimetypes}
|
||||
rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types
|
||||
%endif
|
||||
|
||||
install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \
|
||||
%{buildroot}%{_mandir}/man8/nginx.8
|
||||
@ -211,17 +292,59 @@ for i in ftdetect indent syntax; do
|
||||
%{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
|
||||
done
|
||||
|
||||
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \
|
||||
> %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf
|
||||
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \
|
||||
> %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf
|
||||
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \
|
||||
> %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf
|
||||
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \
|
||||
> %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
|
||||
echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \
|
||||
> %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf
|
||||
echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
|
||||
> %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf
|
||||
|
||||
%pre filesystem
|
||||
getent group %{nginx_group} > /dev/null || groupadd -r %{nginx_group}
|
||||
getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
|
||||
getent passwd %{nginx_user} > /dev/null || \
|
||||
useradd -r -d %{nginx_home} -g %{nginx_group} \
|
||||
useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
|
||||
-s /sbin/nologin -c "Nginx web server" %{nginx_user}
|
||||
exit 0
|
||||
|
||||
%post
|
||||
%systemd_post nginx.service
|
||||
|
||||
%post mod-http-geoip
|
||||
if [ $1 -eq 1 ]; then
|
||||
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%post mod-http-image-filter
|
||||
if [ $1 -eq 1 ]; then
|
||||
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%post mod-http-perl
|
||||
if [ $1 -eq 1 ]; then
|
||||
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%post mod-http-xslt-filter
|
||||
if [ $1 -eq 1 ]; then
|
||||
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%post mod-mail
|
||||
if [ $1 -eq 1 ]; then
|
||||
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%post mod-stream
|
||||
if [ $1 -eq 1 ]; then
|
||||
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%preun
|
||||
%systemd_preun nginx.service
|
||||
|
||||
@ -232,8 +355,12 @@ if [ $1 -ge 1 ]; then
|
||||
fi
|
||||
|
||||
%files
|
||||
%doc LICENSE CHANGES README
|
||||
%{nginx_datadir}/html/*
|
||||
%license LICENSE
|
||||
%doc CHANGES README README.fedora
|
||||
%if 0%{rhel} == 7
|
||||
%doc UPGRADE-NOTES-1.6-to-1.10
|
||||
%endif
|
||||
%{_datadir}/nginx/html/*
|
||||
%{_bindir}/nginx-upgrade
|
||||
%{_sbindir}/nginx
|
||||
%{_datadir}/vim/vimfiles/ftdetect/nginx.vim
|
||||
@ -243,77 +370,151 @@ fi
|
||||
%{_mandir}/man8/nginx.8*
|
||||
%{_mandir}/man8/nginx-upgrade.8*
|
||||
%{_unitdir}/nginx.service
|
||||
%config(noreplace) %{nginx_confdir}/fastcgi.conf
|
||||
%config(noreplace) %{nginx_confdir}/fastcgi.conf.default
|
||||
%config(noreplace) %{nginx_confdir}/fastcgi_params
|
||||
%config(noreplace) %{nginx_confdir}/fastcgi_params.default
|
||||
%config(noreplace) %{nginx_confdir}/koi-utf
|
||||
%config(noreplace) %{nginx_confdir}/koi-win
|
||||
%config(noreplace) %{nginx_confdir}/mime.types
|
||||
%config(noreplace) %{nginx_confdir}/mime.types.default
|
||||
%config(noreplace) %{nginx_confdir}/nginx.conf
|
||||
%config(noreplace) %{nginx_confdir}/nginx.conf.default
|
||||
%config(noreplace) %{nginx_confdir}/scgi_params
|
||||
%config(noreplace) %{nginx_confdir}/scgi_params.default
|
||||
%config(noreplace) %{nginx_confdir}/uwsgi_params
|
||||
%config(noreplace) %{nginx_confdir}/uwsgi_params.default
|
||||
%config(noreplace) %{nginx_confdir}/win-utf
|
||||
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
|
||||
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
|
||||
%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
|
||||
%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default
|
||||
%config(noreplace) %{_sysconfdir}/nginx/koi-utf
|
||||
%config(noreplace) %{_sysconfdir}/nginx/koi-win
|
||||
%if ! 0%{?with_mailcap_mimetypes}
|
||||
%config(noreplace) %{_sysconfdir}/nginx/mime.types
|
||||
%endif
|
||||
%config(noreplace) %{_sysconfdir}/nginx/mime.types.default
|
||||
%config(noreplace) %{_sysconfdir}/nginx/nginx.conf
|
||||
%config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default
|
||||
%config(noreplace) %{_sysconfdir}/nginx/scgi_params
|
||||
%config(noreplace) %{_sysconfdir}/nginx/scgi_params.default
|
||||
%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params
|
||||
%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default
|
||||
%config(noreplace) %{_sysconfdir}/nginx/win-utf
|
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/nginx
|
||||
%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx
|
||||
%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx/tmp
|
||||
%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/log/nginx
|
||||
%dir %{_libdir}/nginx/modules
|
||||
|
||||
%files all-modules
|
||||
|
||||
%files filesystem
|
||||
%dir %{_datadir}/nginx
|
||||
%dir %{_datadir}/nginx/html
|
||||
%dir %{_sysconfdir}/nginx
|
||||
%dir %{_sysconfdir}/nginx/conf.d
|
||||
%dir %{_sysconfdir}/nginx/default.d
|
||||
|
||||
%files mod-http-geoip
|
||||
%{_datadir}/nginx/modules/mod-http-geoip.conf
|
||||
%{_libdir}/nginx/modules/ngx_http_geoip_module.so
|
||||
|
||||
%files mod-http-image-filter
|
||||
%{_datadir}/nginx/modules/mod-http-image-filter.conf
|
||||
%{_libdir}/nginx/modules/ngx_http_image_filter_module.so
|
||||
|
||||
%files mod-http-perl
|
||||
%{_datadir}/nginx/modules/mod-http-perl.conf
|
||||
%{_libdir}/nginx/modules/ngx_http_perl_module.so
|
||||
%dir %{perl_vendorarch}/auto/nginx
|
||||
%{perl_vendorarch}/nginx.pm
|
||||
%{perl_vendorarch}/auto/nginx/nginx.so
|
||||
%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_home}
|
||||
%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_home_tmp}
|
||||
%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_logdir}
|
||||
|
||||
%files filesystem
|
||||
%dir %{nginx_datadir}
|
||||
%dir %{nginx_datadir}/html
|
||||
%dir %{nginx_confdir}
|
||||
%dir %{nginx_confdir}/conf.d
|
||||
%dir %{nginx_confdir}/default.d
|
||||
%files mod-http-xslt-filter
|
||||
%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
|
||||
%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so
|
||||
|
||||
%files mod-mail
|
||||
%{_datadir}/nginx/modules/mod-mail.conf
|
||||
%{_libdir}/nginx/modules/ngx_mail_module.so
|
||||
|
||||
%files mod-stream
|
||||
%{_datadir}/nginx/modules/mod-stream.conf
|
||||
%{_libdir}/nginx/modules/ngx_stream_module.so
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue May 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.3-9
|
||||
- fix CVE-2016-4450
|
||||
* Tue May 31 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.1-1
|
||||
- update to upstream release 1.10.1
|
||||
|
||||
* Tue Jan 26 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.3-8
|
||||
* Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.10.0-4
|
||||
- Perl 5.24 rebuild
|
||||
|
||||
* Sun May 8 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1:1.10.0-3
|
||||
- Enable AIO on aarch64 (rhbz 1258414)
|
||||
|
||||
* Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-2
|
||||
- only Require nginx-all-modules for EPEL and current Fedora releases
|
||||
|
||||
* Wed Apr 27 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.10.0-1
|
||||
- update to upstream release 1.10.0
|
||||
- split dynamic modules into subpackages
|
||||
- spec file cleanup
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.8.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Tue Jan 26 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.1-1
|
||||
- update to upstream release 1.8.1
|
||||
- CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
|
||||
- CVE-2016-0746: Use-after-free during CNAME response processing in resolver
|
||||
- CVE-2016-0742: Invalid pointer dereference in resolver
|
||||
|
||||
* Sun Oct 04 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.3-7
|
||||
* Sun Oct 04 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-14
|
||||
- consistently use '%%global with_foo' style of logic
|
||||
- remove PID file before starting nginx (#1268621)
|
||||
|
||||
* Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.3-6
|
||||
* Fri Sep 25 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:1.8.0-13
|
||||
- Use nginx-mimetypes from mailcap (#1248736)
|
||||
- Mark LICENSE as %%license
|
||||
|
||||
* Thu Sep 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-12
|
||||
- also build with gperftools on aarch64 (#1258412)
|
||||
|
||||
* Wed Aug 12 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1:1.8.0-11
|
||||
- nginx.conf: added commented-out SSL configuration directives (#1179232)
|
||||
|
||||
* Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-10
|
||||
- switch back to /bin/kill in logrotate script due to SELinux denials
|
||||
|
||||
* Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.3-5
|
||||
- set KillMode=process in systemd service file
|
||||
|
||||
* Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.3-4
|
||||
- fix path to png images in error pages (#1232277)
|
||||
* Tue Jun 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-9
|
||||
- fix path to png in error pages (#1232277)
|
||||
- optimize png images with optipng
|
||||
|
||||
* Sun Jun 14 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.3-3
|
||||
* Sun Jun 14 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-8
|
||||
- replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543)
|
||||
- remove After=syslog.target in nginx.service (#1231543)
|
||||
- replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543)
|
||||
- remove KillMode=mixed as this is not supported on systemd v208
|
||||
|
||||
* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.3-2
|
||||
- improve nginx-upgrade
|
||||
- run nginx-upgrade on package updates
|
||||
* Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.8.0-7
|
||||
- Perl 5.22 rebuild
|
||||
|
||||
* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-6
|
||||
- revert previous change
|
||||
|
||||
* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-5
|
||||
- move default server to default.conf (#1220094)
|
||||
|
||||
* Sun May 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-4
|
||||
- add TimeoutStopSec=5 and KillMode=mixed to nginx.service
|
||||
- remove some redundant files
|
||||
- set worker_processes to auto
|
||||
- add some common options to the http block in nginx.conf
|
||||
- listen on ipv6 for the default server (#1217081)
|
||||
- remove redundant commands in %%post
|
||||
- add --with-pcre-jit to configure options
|
||||
- run nginx-upgrade on package update
|
||||
- remove some redundant scriptlet commands
|
||||
- listen on ipv6 for default server (#1217081)
|
||||
|
||||
* Thu Apr 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.3-1
|
||||
- update to upstream release 1.6.3
|
||||
* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-3
|
||||
- improve nginx-upgrade script
|
||||
|
||||
* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-2
|
||||
- add --with-pcre-jit
|
||||
|
||||
* Wed Apr 22 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.8.0-1
|
||||
- update to upstream release 1.8.0
|
||||
|
||||
* Thu Apr 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.12-1
|
||||
- update to upstream release 1.7.12
|
||||
|
||||
* Sun Feb 15 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.7.10-1
|
||||
- update to upstream release 1.7.10
|
||||
- remove systemd conditionals
|
||||
|
||||
* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.6.2-4
|
||||
- fix package ownership of directories
|
||||
|
Loading…
Reference in New Issue
Block a user