fix 404.html location and indenting (rhbz#1409685)

include patch for CVE-2019-20372 (rhbz#1790280)
rework patches to work with %%autosetup

0001-remove-Werror-in-upstream-build-scripts.patch

@@ -0,0 +1,31 @@
+From dc82bbc50774a2a51427a33a84ac928b3f706a6f Mon Sep 17 00:00:00 2001
+From: Felix Kaechele <felix@kaechele.ca>
+Date: Sun, 7 Jun 2020 12:14:02 -0400
+Subject: [PATCH 1/3] remove Werror in upstream build scripts
+
+removes -Werror in upstream build scripts.  -Werror conflicts with
+-D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
+
+Signed-off-by: Felix Kaechele <felix@kaechele.ca>
+---
+ auto/cc/gcc | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/auto/cc/gcc b/auto/cc/gcc
+index a5c5c18..cdbbadb 100644
+--- a/auto/cc/gcc
++++ b/auto/cc/gcc
+@@ -166,7 +166,9 @@ esac
+ 
+ 
+ # stop on warning
+-CFLAGS="$CFLAGS -Werror"
++# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
++# to not compile.
++#CFLAGS="$CFLAGS -Werror"
+ 
+ # debug
+ CFLAGS="$CFLAGS -g"
+-- 
+2.26.2
+

0002-change-logs-permissions-to-664.patch

@@ -1,8 +1,20 @@
+From c770a31fbfcc1e69ac666f52676e709a65c9ef72 Mon Sep 17 00:00:00 2001
+From: Felix Kaechele <felix@kaechele.ca>
+Date: Sun, 7 Jun 2020 12:14:54 -0400
+Subject: [PATCH 2/3] change logs permissions to 664
+
+This patch is carried downstream only.
+
+Signed-off-by: Felix Kaechele <felix@kaechele.ca>
+---
+ src/core/ngx_cycle.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
 diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
-index aee7a58..bcceecb 100644
+index 95f4bdf..a0dcca6 100644
 --- a/src/core/ngx_cycle.c
 +++ b/src/core/ngx_cycle.c
-@@ -1108,7 +1108,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user)
+@@ -1182,7 +1182,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user)
          }
  
          fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND,
@@ -11,3 +23,6 @@ index aee7a58..bcceecb 100644
  
          ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
                         "reopen file \"%s\", old:%d new:%d",
+-- 
+2.26.2
+

0003-Discard-request-body-when-redirecting-to-a-URL-via-e.patch

@@ -0,0 +1,31 @@
+From b0e0114ed7d127e38b50fd1c2827eb959bd9a18f Mon Sep 17 00:00:00 2001
+From: Ruslan Ermilov <ru@nginx.com>
+Date: Mon, 23 Dec 2019 15:45:46 +0300
+Subject: [PATCH 3/3] Discard request body when redirecting to a URL via
+ error_page.
+
+Reported by Bert JW Regeer and Francisco Oca Gonzalez.
+---
+ src/http/ngx_http_special_response.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
+index 4ffb2cc..76e6705 100644
+--- a/src/http/ngx_http_special_response.c
++++ b/src/http/ngx_http_special_response.c
+@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
+         return ngx_http_named_location(r, &uri);
+     }
+ 
++    r->expect_tested = 1;
++
++    if (ngx_http_discard_request_body(r) != NGX_OK) {
++        r->keepalive = 0;
++    }
++
+     location = ngx_list_push(&r->headers_out.headers);
+ 
+     if (location == NULL) {
+-- 
+2.26.2
+

nginx-auto-cc-gcc.patch

@@ -1,13 +0,0 @@
---- auto/cc/gcc.orig	2007-03-22 08:34:53.000000000 -0600
-+++ auto/cc/gcc	2007-03-22 08:58:47.000000000 -0600
-@@ -172,7 +172,9 @@
- 
- 
- # stop on warning
--CFLAGS="$CFLAGS -Werror"
-+# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
-+# to not compile.
-+#CFLAGS="$CFLAGS -Werror"
- 
- # debug
- CFLAGS="$CFLAGS -g"

nginx.conf

@@ -48,11 +48,11 @@ http {
         }
 
         error_page 404 /404.html;
-            location = /40x.html {
+        location = /404.html {
         }
 
         error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
+        location = /50x.html {
         }
     }
 
@@ -78,11 +78,11 @@ http {
 #        }
 #
 #        error_page 404 /404.html;
-#            location = /40x.html {
+#        location = /404.html {
 #        }
 #
 #        error_page 500 502 503 504 /50x.html;
-#            location = /50x.html {
+#        location = /50x.html {
 #        }
 #    }
 

nginx.spec

@@ -23,7 +23,7 @@
 Name:              nginx
 Epoch:             1
 Version:           1.16.1
-Release:           1%{?dist}
+Release:           2%{?dist}
 
 Summary:           A high performance web server and reverse proxy server
 # BSD License (two clause)
@@ -45,11 +45,14 @@ Source210:         UPGRADE-NOTES-1.6-to-1.10
 
 # removes -Werror in upstream build scripts.  -Werror conflicts with
 # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
-Patch0:            nginx-auto-cc-gcc.patch
+Patch0:            0001-remove-Werror-in-upstream-build-scripts.patch
 
 # downstream patch - changing logs permissions to 664 instead
 # previous 644
-Patch2:            nginx-1.12.1-logs-perm.patch
+Patch1:            0002-change-logs-permissions-to-664.patch
+
+# CVE-2019-20372
+Patch2:            0003-Discard-request-body-when-redirecting-to-a-URL-via-e.patch
 
 BuildRequires:     gcc
 %if 0%{?with_gperftools}
@@ -178,9 +181,7 @@ Requires:          nginx
 
 
 %prep
-%setup -q
-%patch0 -p0
-%patch2 -p1
+%autosetup -p1
 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
 
 %if 0%{?rhel} > 0 && 0%{?rhel} < 8
@@ -477,6 +478,11 @@ fi
 
 
 %changelog
+* Sun Jun 07 2020 Felix Kaechele <heffer@fedoraproject.org> - 1:1.16.1-2
+- fix 404.html location and indenting (rhbz#1409685)
+- include patch for CVE-2019-20372 (rhbz#1790280)
+- rework patches to work with %%autosetup
+
 * Sun Sep 15 2019 Warren Togami <warren@blockstream.com>
 - add conditionals for EPEL7, see rhbz#1750857