diff --git a/0001-remove-Werror-in-upstream-build-scripts.patch b/0001-remove-Werror-in-upstream-build-scripts.patch index f51c2c3..2695031 100644 --- a/0001-remove-Werror-in-upstream-build-scripts.patch +++ b/0001-remove-Werror-in-upstream-build-scripts.patch @@ -1,4 +1,4 @@ -From cb8f5d414202b098cadbbe5637d79a3cf73b4bf9 Mon Sep 17 00:00:00 2001 +From 00cab63102084b89de0a3494a1d023c4b1d4982b Mon Sep 17 00:00:00 2001 From: Felix Kaechele Date: Sun, 7 Jun 2020 12:14:02 -0400 Subject: [PATCH 1/2] remove Werror in upstream build scripts @@ -27,5 +27,5 @@ index a5c5c18..cdbbadb 100644 # debug CFLAGS="$CFLAGS -g" -- -2.26.2 +2.31.1 diff --git a/0002-change-logs-permissions-to-664.patch b/0002-change-logs-permissions-to-664.patch deleted file mode 100644 index 5bd0981..0000000 --- a/0002-change-logs-permissions-to-664.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 57187b92659e3b66fcbd4cc92a35bc11088e24e6 Mon Sep 17 00:00:00 2001 -From: Felix Kaechele -Date: Sun, 7 Jun 2020 12:14:54 -0400 -Subject: [PATCH 2/2] change logs permissions to 664 - -This patch is carried downstream only. - -Signed-off-by: Felix Kaechele ---- - src/core/ngx_cycle.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c -index 95f4bdf..a0dcca6 100644 ---- a/src/core/ngx_cycle.c -+++ b/src/core/ngx_cycle.c -@@ -1182,7 +1182,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user) - } - - fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND, -- NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS); -+ NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS | 0220); - - ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0, - "reopen file \"%s\", old:%d new:%d", --- -2.26.2 - diff --git a/0002-fix-PIDFile-handling.patch b/0002-fix-PIDFile-handling.patch new file mode 100644 index 0000000..5748b63 --- /dev/null +++ b/0002-fix-PIDFile-handling.patch 
@@ -0,0 +1,108 @@ +From 62470498cca9a209aa9904668c1949f5229123af Mon Sep 17 00:00:00 2001 +From: Felix Kaechele +Date: Tue, 20 Apr 2021 21:28:18 -0400 +Subject: [PATCH 2/2] fix PIDFile handling + +Corresponding RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1869026 + +Rejected upstream: https://trac.nginx.org/nginx/ticket/1897 + +Taken from: https://git.launchpad.net/ubuntu/+source/nginx/tree/debian/patches/nginx-fix-pidfile.patch + +From original patch: +Author: Tj +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876365 +iLast-Update: 2020-06-24 + +Signed-off-by: Felix Kaechele +--- + src/core/nginx.c | 24 +++++++++++++++++++++--- + src/os/unix/ngx_daemon.c | 8 ++++++-- + 2 files changed, 27 insertions(+), 5 deletions(-) + +diff --git a/src/core/nginx.c b/src/core/nginx.c +index 48a20e9..32c0afe 100644 +--- a/src/core/nginx.c ++++ b/src/core/nginx.c +@@ -339,14 +339,21 @@ main(int argc, char *const *argv) + ngx_process = NGX_PROCESS_MASTER; + } + ++ /* tell-tale to detect if this is parent or child process */ ++ ngx_int_t child_pid = NGX_BUSY; ++ + #if !(NGX_WIN32) + + if (ngx_init_signals(cycle->log) != NGX_OK) { + return 1; + } + ++ /* tell-tale that this code has been executed */ ++ child_pid--; ++ + if (!ngx_inherited && ccf->daemon) { +- if (ngx_daemon(cycle->log) != NGX_OK) { ++ child_pid = ngx_daemon(cycle->log); ++ if (child_pid == NGX_ERROR) { + return 1; + } + +@@ -359,8 +366,19 @@ main(int argc, char *const *argv) + + #endif + +- if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) { +- return 1; ++ /* If ngx_daemon() returned the child's PID in the parent process ++ * after the fork() set ngx_pid to the child_pid, which gets ++ * written to the PID file, then exit. ++ * For NGX_WIN32 always write the PID file ++ * For others, only write it from the parent process */ ++ if (child_pid < NGX_OK || child_pid > NGX_OK) { ++ ngx_pid = child_pid > NGX_OK ? 
child_pid : ngx_pid; ++ if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) { ++ return 1; ++ } ++ } ++ if (child_pid > NGX_OK) { ++ exit(0); + } + + if (ngx_log_redirect_stderr(cycle) != NGX_OK) { +diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c +index 385c49b..3719854 100644 +--- a/src/os/unix/ngx_daemon.c ++++ b/src/os/unix/ngx_daemon.c +@@ -7,14 +7,17 @@ + + #include + #include ++#include + + + ngx_int_t + ngx_daemon(ngx_log_t *log) + { + int fd; ++ /* retain the return value for passing back to caller */ ++ pid_t pid_child = fork(); + +- switch (fork()) { ++ switch (pid_child) { + case -1: + ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed"); + return NGX_ERROR; +@@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log) + break; + + default: +- exit(0); ++ /* let caller do the exit() */ ++ return pid_child; + } + + ngx_parent = ngx_pid; +-- +2.31.1 + diff --git a/nginx.conf b/nginx.conf index f85920a..3cfe698 100644 --- a/nginx.conf +++ b/nginx.conf @@ -45,11 +45,11 @@ http { include /etc/nginx/default.d/*.conf; error_page 404 /404.html; - location = /40x.html { + location = /404.html { } error_page 500 502 503 504 /50x.html; - location = /50x.html { + location = /50x.html { } } diff --git a/nginx.logrotate b/nginx.logrotate index 353da6e..7f8b0a9 100644 --- a/nginx.logrotate +++ b/nginx.logrotate @@ -1,5 +1,4 @@ /var/log/nginx/*log { - create 0664 nginx root daily rotate 10 missingok diff --git a/nginx.service b/nginx.service index e381803..b8e73a5 100644 --- a/nginx.service +++ b/nginx.service @@ -1,7 +1,5 @@ [Unit] Description=The nginx HTTP and reverse proxy server -# We require network-online.target since some features like OCSP stapling -# require working DNS resolvers After=network-online.target remote-fs.target nss-lookup.target Wants=network-online.target 
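Review bot: In the nginx.c hunk, a failed `ngx_create_pidfile()` now makes only the parent `return 1`; the forked child sees `child_pid == NGX_OK`, skips the block and keeps running with no PID file, whereas before the patch the process that failed to write the file was the daemon itself. Consider stopping the child on that path, for example `if (child_pid > NGX_OK) { kill(child_pid, SIGTERM); }` before the `return 1;`, or at least document that cleanup is left to the service manager. The parent also returns from `ngx_daemon()` before the child has run the rest of that function, which lies outside the hunk, so the file can name a child that later fails to daemonize. Separately, `child_pid--` has no effect on the later test, which could read `if (child_pid != NGX_OK)`. main() begins and ends outside the hunk.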
@@ -14,7 +12,7 @@ PIDFile=/run/nginx.pid ExecStartPre=/usr/bin/rm -f /run/nginx.pid ExecStartPre=/usr/sbin/nginx -t ExecStart=/usr/sbin/nginx -ExecReload=/bin/kill -s HUP $MAINPID +ExecReload=/usr/sbin/nginx -s reload KillSignal=SIGQUIT TimeoutStopSec=5 KillMode=mixed diff --git a/nginx.spec b/nginx.spec index 57c0bb4..9500cb0 100644 --- a/nginx.spec +++ b/nginx.spec @@ -28,7 +28,7 @@ Name: nginx Epoch: 1 -Version: 1.19.10 +Version: 1.21.0 Release: 1%{?dist} Summary: A high performance web server and reverse proxy server @@ -58,9 +58,9 @@ Source210: UPGRADE-NOTES-1.6-to-1.10 # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. Patch0: 0001-remove-Werror-in-upstream-build-scripts.patch -# downstream patch - changing logs permissions to 664 instead -# previous 644 -Patch1: 0002-change-logs-permissions-to-664.patch +# downstream patch - fix PIDFile race condition (rhbz#1869026) +# rejected upstream: https://trac.nginx.org/nginx/ticket/1897 +Patch1: 0002-fix-PIDFile-handling.patch BuildRequires: make BuildRequires: gcc @@ -68,7 +68,11 @@ BuildRequires: gnupg2 %if 0%{?with_gperftools} BuildRequires: gperftools-devel %endif +%if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: openssl-devel +%else +BuildRequires: openssl11-devel +%endif BuildRequires: pcre-devel BuildRequires: zlib-devel @@ -84,11 +88,6 @@ Obsoletes: nginx-mod-http-geoip <= 1:1.16 Requires: system-logos-httpd %endif -%if 0%{?rhel} > 0 && 0%{?rhel} < 8 -# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later. -Requires: nginx-all-modules = %{epoch}:%{version}-%{release} -%endif - Requires: openssl Requires: pcre Requires(pre): nginx-filesystem @@ -96,7 +95,9 @@ Requires(pre): nginx-filesystem Requires: nginx-mimetypes %endif Provides: webserver +%if 0%{?fedora} || 0%{?rhel} >= 8 Recommends: logrotate +%endif BuildRequires: systemd Requires(post): systemd 
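Review bot: `ExecReload=/usr/sbin/nginx -s reload` makes a reload depend on the contents of the PID file rather than on the main PID systemd tracks in `$MAINPID`, so a stale or mismatched `/run/nginx.pid` would send the signal to whatever process currently holds that number. The unit removes the file only in `ExecStartPre`, so correctness now rests on the PID-file patch carried in this same commit. I would add a comment above the line recording the reason for the switch and that dependency, e.g. `# reload via the binary; it signals the PID read from /run/nginx.pid, not $MAINPID`.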
@@ -203,6 +204,13 @@ sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf %endif +%if 0%{?rhel} == 7 +sed \ + -e 's|\(ngx_feature_path=\)$|\1%{_includedir}/openssl11|' \ + -e 's|\(ngx_feature_libs="\)|\1-L%{_libdir}/openssl11 |' \ + -i auto/lib/openssl/conf +%endif + %build # nginx does not utilize a standard configure script. It has its own 
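Review bot: The added `sed` on `auto/lib/openssl/conf` exits successfully even when neither pattern matches, so a change in upstream's configure script would silently leave the EL7 build without the openssl11 include and library paths. Add a check right after it, e.g. `grep -q 'openssl11' auto/lib/openssl/conf || exit 1`, so the build fails loudly instead of possibly picking up a different OpenSSL. A one-line comment saying the edit points nginx's OpenSSL detection at the openssl11 package would also help. The section this sits in (presumably `%prep`) starts before the hunk.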
@@ -228,43 +236,44 @@ if ! ./configure \ --lock-path=/run/lock/subsys/nginx \ --user=%{nginx_user} \ --group=%{nginx_user} \ + --with-compat \ + --with-debug \ %if 0%{?with_aio} --with-file-aio \ %endif - --with-ipv6 \ - --with-http_ssl_module \ - --with-http_v2_module \ - --with-http_realip_module \ - --with-stream_ssl_preread_module \ +%if 0%{?with_gperftools} + --with-google_perftools_module \ +%endif --with-http_addition_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_degradation_module \ + --with-http_flv_module \ %if %{with geoip} --with-http_geoip_module=dynamic \ %endif - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_degradation_module \ - --with-http_slice_module \ - --with-http_stub_status_module \ + --with-http_image_filter_module=dynamic \ + --with-http_mp4_module \ --with-http_perl_module=dynamic \ - --with-http_auth_request_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-http_xslt_module=dynamic \ --with-mail=dynamic \ --with-mail_ssl_module \ --with-pcre \ --with-pcre-jit \ --with-stream=dynamic \ --with-stream_ssl_module \ -%if 0%{?with_gperftools} - --with-google_perftools_module \ -%endif - --with-debug \ + --with-stream_ssl_preread_module \ + --with-threads \ --with-cc-opt="%{optflags} $(pcre-config --cflags)" \ --with-ld-opt="$nginx_ldopts"; then : configure failed 
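Review bot: Documentation is missing for the functional changes hidden in this re-sort of the `./configure` flags: `--with-compat` and `--with-threads` are new and `--with-ipv6` is gone, yet the `%changelog` entry added by this commit says only `update to 1.21.0`. I would record them there, e.g. `- enable --with-compat and --with-threads, drop --with-ipv6`. `--with-debug` also stays enabled for the shipped binary, and a comment noting that debug-level `error_log` output can include request details would help administrators decide who may read those logs. The `./configure` invocation begins before the hunk.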
@@ -314,7 +323,7 @@ ln -s ../../doc/HTML/img \ ln -s ../../doc/HTML/en-US \ %{buildroot}%{_datadir}/nginx/html/en-US %else -ln -s ../../fedora-testpage/index.html \ +ln -s ../../testpage/index.html \ %{buildroot}%{_datadir}/nginx/html/index.html %endif install -p -m 0644 %{SOURCE102} \ @@ -447,7 +456,7 @@ fi %config(noreplace) %{_sysconfdir}/logrotate.d/nginx %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx %attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp -%attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/nginx +%dir %{_localstatedir}/log/nginx %dir %{_libdir}/nginx/modules %files all-modules @@ -492,6 +501,9 @@ fi %changelog +* Tue May 25 2021 Felix Kaechele - 1:1.21.0-1 +- update to 1.21.0 + * Tue Apr 13 2021 Felix Kaechele - 1:1.19.10-1 - update to 1.19.10 diff --git a/sources b/sources index 46964a3..02fe41f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (nginx-1.19.10.tar.gz) = aa5b6e94d06e450358f105982a64b8498d1872c0e9b6f05b96b5a7057bdccc9b8078a781bc947e7a1c87737b20ec207de822e7992a25875a548a4b3ea3ae8eea -SHA512 (nginx-1.19.10.tar.gz.asc) = 85c103ea7dba22819dcaf143fb0ce680d2fbb7e52cd0a99e96ffde587603f669d87bda953b954244a90cbc786ec1059f719c4d3f914d33dac59a1a7e93d4a2ef +SHA512 (nginx-1.21.0.tar.gz) = 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad +SHA512 (nginx-1.21.0.tar.gz.asc) = ce113a4ad339653610717d6f0041248c569046503cdc00d9323abb7de0f1d6c108c5bcd48eda74576ca42e76accdacfd63d5e75766bf9322b1400b9378a3c4a1
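Review bot: In the `%files` hunk, replacing `%attr(770,%{nginx_user},root)` with a bare `%dir` leaves the owner and mode of `%{_localstatedir}/log/nginx` to package defaults that are not visible here; if that resolves to a world-traversable directory, log files nginx creates with its default access mode become readable by every local user. Together with the dropped 664 patch and the removed logrotate `create` line, this takes write access to the log directory away from the nginx user, which looks intended. State the target explicitly, e.g. `%attr(711,root,root) %dir %{_localstatedir}/log/nginx`, so the result does not depend on `%defattr` or the build umask. The `%files` list starts before the hunk.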