update to 1.21.0

Signed-off-by: Felix Kaechele <heffer@fedoraproject.org>
2021-05-25 12:40:35 -04:00 · 2021-05-25 12:40:35 -04:00 · dbd3f59bb9
parent 65ea168165
commit dbd3f59bb9
8 changed files with 159 additions and 70 deletions
--- a/0001-remove-Werror-in-upstream-build-scripts.patch
+++ b/0001-remove-Werror-in-upstream-build-scripts.patch
@ -1,4 +1,4 @@
-From cb8f5d414202b098cadbbe5637d79a3cf73b4bf9 Mon Sep 17 00:00:00 2001
+From 00cab63102084b89de0a3494a1d023c4b1d4982b Mon Sep 17 00:00:00 2001
 From: Felix Kaechele <felix@kaechele.ca>
 Date: Sun, 7 Jun 2020 12:14:02 -0400
 Subject: [PATCH 1/2] remove Werror in upstream build scripts
@ -27,5 +27,5 @@ index a5c5c18..cdbbadb 100644
 # debug
 CFLAGS="$CFLAGS -g"
 -- 
-2.26.2
+2.31.1

--- a/0002-change-logs-permissions-to-664.patch
+++ b/0002-change-logs-permissions-to-664.patch
@ -1,28 +0,0 @@
-From 57187b92659e3b66fcbd4cc92a35bc11088e24e6 Mon Sep 17 00:00:00 2001
-From: Felix Kaechele <felix@kaechele.ca>
-Date: Sun, 7 Jun 2020 12:14:54 -0400
-Subject: [PATCH 2/2] change logs permissions to 664
-
-This patch is carried downstream only.
-
-Signed-off-by: Felix Kaechele <felix@kaechele.ca>
---
- src/core/ngx_cycle.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
-index 95f4bdf..a0dcca6 100644
--- a/src/core/ngx_cycle.c
-+++ b/src/core/ngx_cycle.c
-@@ -1182,7 +1182,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user)
-         }
- 
-         fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND,
-                           NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS);
-+                           NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS | 0220);
- 
-         ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
-                        "reopen file \"%s\", old:%d new:%d",
-- 
-2.26.2
-
--- a/0002-fix-PIDFile-handling.patch
+++ b/0002-fix-PIDFile-handling.patch
@ -0,0 +1,108 @@
+From 62470498cca9a209aa9904668c1949f5229123af Mon Sep 17 00:00:00 2001
+From: Felix Kaechele <felix@kaechele.ca>
+Date: Tue, 20 Apr 2021 21:28:18 -0400
+Subject: [PATCH 2/2] fix PIDFile handling
+
+Corresponding RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1869026
+
+Rejected upstream: https://trac.nginx.org/nginx/ticket/1897
+
+Taken from: https://git.launchpad.net/ubuntu/+source/nginx/tree/debian/patches/nginx-fix-pidfile.patch
+
+From original patch:
+Author: Tj <ubuntu@iam.tj>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876365
+iLast-Update: 2020-06-24
+
+Signed-off-by: Felix Kaechele <felix@kaechele.ca>
+---
+ src/core/nginx.c         | 24 +++++++++++++++++++++---
+ src/os/unix/ngx_daemon.c |  8 ++++++--
+ 2 files changed, 27 insertions(+), 5 deletions(-)
+
+diff --git a/src/core/nginx.c b/src/core/nginx.c
+index 48a20e9..32c0afe 100644
+--- a/src/core/nginx.c
+++ b/src/core/nginx.c
+@@ -339,14 +339,21 @@ main(int argc, char *const *argv)
+         ngx_process = NGX_PROCESS_MASTER;
+     }
+ 
+    /* tell-tale to detect if this is parent or child process */
+    ngx_int_t child_pid = NGX_BUSY;
+
+ #if !(NGX_WIN32)
+ 
+     if (ngx_init_signals(cycle->log) != NGX_OK) {
+         return 1;
+     }
+ 
+    /* tell-tale that this code has been executed */
+    child_pid--;
+
+     if (!ngx_inherited && ccf->daemon) {
+-        if (ngx_daemon(cycle->log) != NGX_OK) {
+        child_pid = ngx_daemon(cycle->log);
+        if (child_pid == NGX_ERROR) {
+             return 1;
+         }
+ 
+@@ -359,8 +366,19 @@ main(int argc, char *const *argv)
+ 
+ #endif
+ 
+-    if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
+-        return 1;
+    /* If ngx_daemon() returned the child's PID in the parent process
+     * after the fork() set ngx_pid to the child_pid, which gets
+     * written to the PID file, then exit.
+     * For NGX_WIN32 always write the PID file
+     * For others, only write it from the parent process */
+    if (child_pid < NGX_OK || child_pid > NGX_OK) {
+	ngx_pid = child_pid > NGX_OK ? child_pid : ngx_pid;
+        if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
+            return 1;
+	}
+    }
+    if (child_pid > NGX_OK) {
+        exit(0);
+     }
+ 
+     if (ngx_log_redirect_stderr(cycle) != NGX_OK) {
+diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c
+index 385c49b..3719854 100644
+--- a/src/os/unix/ngx_daemon.c
+++ b/src/os/unix/ngx_daemon.c
+@@ -7,14 +7,17 @@
+ 
+ #include <ngx_config.h>
+ #include <ngx_core.h>
+#include <unistd.h>
+ 
+ 
+ ngx_int_t
+ ngx_daemon(ngx_log_t *log)
+ {
+     int  fd;
+    /* retain the return value for passing back to caller */
+    pid_t pid_child = fork();
+ 
+-    switch (fork()) {
+    switch (pid_child) {
+     case -1:
+         ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed");
+         return NGX_ERROR;
+@@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log)
+         break;
+ 
+     default:
+-        exit(0);
+        /* let caller do the exit() */
+        return pid_child;
+     }
+ 
+     ngx_parent = ngx_pid;
+-- 
+2.31.1
+
--- a/nginx.conf
+++ b/nginx.conf
@ -45,11 +45,11 @@ http {
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
-            location = /40x.html {
+        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
+        location = /50x.html {
        }
    }

--- a/nginx.logrotate
+++ b/nginx.logrotate
@ -1,5 +1,4 @@
 /var/log/nginx/*log {
-    create 0664 nginx root
    daily
    rotate 10
    missingok
--- a/nginx.service
+++ b/nginx.service
@ -1,7 +1,5 @@
 [Unit]
 Description=The nginx HTTP and reverse proxy server
-# We require network-online.target since some features like OCSP stapling
-# require working DNS resolvers
 After=network-online.target remote-fs.target nss-lookup.target
 Wants=network-online.target

@ -14,7 +12,7 @@ PIDFile=/run/nginx.pid
 ExecStartPre=/usr/bin/rm -f /run/nginx.pid
 ExecStartPre=/usr/sbin/nginx -t
 ExecStart=/usr/sbin/nginx
-ExecReload=/bin/kill -s HUP $MAINPID
+ExecReload=/usr/sbin/nginx -s reload
 KillSignal=SIGQUIT
 TimeoutStopSec=5
 KillMode=mixed
--- a/nginx.spec
+++ b/nginx.spec
@ -28,7 +28,7 @@

 Name:              nginx
 Epoch:             1
-Version:           1.19.10
+Version:           1.21.0
 Release:           1%{?dist}

 Summary:           A high performance web server and reverse proxy server
@ -58,9 +58,9 @@ Source210:         UPGRADE-NOTES-1.6-to-1.10
 # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
 Patch0:            0001-remove-Werror-in-upstream-build-scripts.patch

-# downstream patch - changing logs permissions to 664 instead
-# previous 644
-Patch1:            0002-change-logs-permissions-to-664.patch
+# downstream patch - fix PIDFile race condition (rhbz#1869026)
+# rejected upstream: https://trac.nginx.org/nginx/ticket/1897
+Patch1:            0002-fix-PIDFile-handling.patch

 BuildRequires:     make
 BuildRequires:     gcc
@ -68,7 +68,11 @@ BuildRequires:     gnupg2
 %if 0%{?with_gperftools}
 BuildRequires:     gperftools-devel
 %endif
+%if 0%{?fedora} || 0%{?rhel} >= 8
 BuildRequires:     openssl-devel
+%else
+BuildRequires:     openssl11-devel
+%endif
 BuildRequires:     pcre-devel
 BuildRequires:     zlib-devel

@ -84,11 +88,6 @@ Obsoletes:         nginx-mod-http-geoip <= 1:1.16
 Requires:          system-logos-httpd
 %endif

-%if 0%{?rhel} > 0 && 0%{?rhel} < 8
-# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
-Requires:          nginx-all-modules = %{epoch}:%{version}-%{release}
-%endif
-
 Requires:          openssl
 Requires:          pcre
 Requires(pre):     nginx-filesystem
@ -96,7 +95,9 @@ Requires(pre):     nginx-filesystem
 Requires:          nginx-mimetypes
 %endif
 Provides:          webserver
+%if 0%{?fedora} || 0%{?rhel} >= 8
 Recommends:        logrotate
+%endif

 BuildRequires:     systemd
 Requires(post):    systemd
@ -203,6 +204,13 @@ sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service
 sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf
 %endif

+%if 0%{?rhel} == 7
+sed \
+  -e 's|\(ngx_feature_path=\)$|\1%{_includedir}/openssl11|' \
+  -e 's|\(ngx_feature_libs="\)|\1-L%{_libdir}/openssl11 |' \
+  -i auto/lib/openssl/conf
+%endif
+

 %build
 # nginx does not utilize a standard configure script.  It has its own
@ -228,43 +236,44 @@ if ! ./configure \
    --lock-path=/run/lock/subsys/nginx \
    --user=%{nginx_user} \
    --group=%{nginx_user} \
+    --with-compat \
+    --with-debug \
 %if 0%{?with_aio}
    --with-file-aio \
 %endif
-    --with-ipv6 \
-    --with-http_ssl_module \
-    --with-http_v2_module \
-    --with-http_realip_module \
-    --with-stream_ssl_preread_module \
+%if 0%{?with_gperftools}
+    --with-google_perftools_module \
+%endif
    --with-http_addition_module \
-    --with-http_xslt_module=dynamic \
-    --with-http_image_filter_module=dynamic \
+    --with-http_auth_request_module \
+    --with-http_dav_module \
+    --with-http_degradation_module \
+    --with-http_flv_module \
 %if %{with geoip}
    --with-http_geoip_module=dynamic \
 %endif
-    --with-http_sub_module \
-    --with-http_dav_module \
-    --with-http_flv_module \
-    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
-    --with-http_random_index_module \
-    --with-http_secure_link_module \
-    --with-http_degradation_module \
-    --with-http_slice_module \
-    --with-http_stub_status_module \
+    --with-http_image_filter_module=dynamic \
+    --with-http_mp4_module \
    --with-http_perl_module=dynamic \
-    --with-http_auth_request_module \
+    --with-http_random_index_module \
+    --with-http_realip_module \
+    --with-http_secure_link_module \
+    --with-http_slice_module \
+    --with-http_ssl_module \
+    --with-http_stub_status_module \
+    --with-http_sub_module \
+    --with-http_v2_module \
+    --with-http_xslt_module=dynamic \
    --with-mail=dynamic \
    --with-mail_ssl_module \
    --with-pcre \
    --with-pcre-jit \
    --with-stream=dynamic \
    --with-stream_ssl_module \
-%if 0%{?with_gperftools}
-    --with-google_perftools_module \
-%endif
-    --with-debug \
+    --with-stream_ssl_preread_module \
+    --with-threads \
    --with-cc-opt="%{optflags} $(pcre-config --cflags)" \
    --with-ld-opt="$nginx_ldopts"; then
  : configure failed
@ -314,7 +323,7 @@ ln -s ../../doc/HTML/img \
 ln -s ../../doc/HTML/en-US \
      %{buildroot}%{_datadir}/nginx/html/en-US
 %else
-ln -s ../../fedora-testpage/index.html \
+ln -s ../../testpage/index.html \
      %{buildroot}%{_datadir}/nginx/html/index.html
 %endif
 install -p -m 0644 %{SOURCE102} \
@ -447,7 +456,7 @@ fi
 %config(noreplace) %{_sysconfdir}/logrotate.d/nginx
 %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx
 %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp
-%attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/nginx
+%dir %{_localstatedir}/log/nginx
 %dir %{_libdir}/nginx/modules

 %files all-modules
@ -492,6 +501,9 @@ fi


 %changelog
+* Tue May 25 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.21.0-1
+- update to 1.21.0
+
 * Tue Apr 13 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.19.10-1
 - update to 1.19.10

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (nginx-1.19.10.tar.gz) = aa5b6e94d06e450358f105982a64b8498d1872c0e9b6f05b96b5a7057bdccc9b8078a781bc947e7a1c87737b20ec207de822e7992a25875a548a4b3ea3ae8eea
-SHA512 (nginx-1.19.10.tar.gz.asc) = 85c103ea7dba22819dcaf143fb0ce680d2fbb7e52cd0a99e96ffde587603f669d87bda953b954244a90cbc786ec1059f719c4d3f914d33dac59a1a7e93d4a2ef
+SHA512 (nginx-1.21.0.tar.gz) = 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad
+SHA512 (nginx-1.21.0.tar.gz.asc) = ce113a4ad339653610717d6f0041248c569046503cdc00d9323abb7de0f1d6c108c5bcd48eda74576ca42e76accdacfd63d5e75766bf9322b1400b9378a3c4a1