@ -5,20 +5,10 @@
# See: https://src.fedoraproject.org/rpms/redhat-rpm-config/c/078af19
# See: https://src.fedoraproject.org/rpms/redhat-rpm-config/c/078af19
%undefine _strict_symbol_defs_build
%undefine _strict_symbol_defs_build
%global with_gperftools 0
%bcond_with geoip
%bcond_with geoip
# nginx gperftools support should be dissabled for RHEL >= 8
# see: https://bugzilla.redhat.com/show_bug.cgi?id=1931402
%if 0%{?rhel} >= 8
%global with_gperftools 0
%else
# gperftools exist only on selected arches
# gperftools *detection* is failing on ppc64*, possibly only configure
# bug, but disable anyway.
%ifnarch s390 s390x ppc64 ppc64le
%global with_gperftools 1
%endif
%endif
%global with_aio 1
%global with_aio 1
@ -26,42 +16,26 @@
%global with_mailcap_mimetypes 1
%global with_mailcap_mimetypes 1
%endif
%endif
# Cf. https://www.nginx.com/blog/creating-installable-packages-dynamic-modules/
%global nginx_abiversion %{version}
%global nginx_moduledir %{_libdir}/nginx/modules
%global nginx_moduleconfdir %{_datadir}/nginx/modules
%global nginx_srcdir %{_usrsrc}/%{name}-%{version}-%{release}
# Do not generate provides/requires from nginx sources
%global __provides_exclude_from ^%{nginx_srcdir}/.*$
%global __requires_exclude_from ^%{nginx_srcdir}/.*$
Name: nginx
Name: nginx
Epoch: 1
Epoch: 1
Version: 1.20 .1
Version: 1.16.1
Release: 16 %{?dist}.1
Release: 2%{?dist}.1
Summary: A high performance web server and reverse proxy server
Summary: A high performance web server and reverse proxy server
Group: System Environment/Daemons
# BSD License (two clause)
# BSD License (two clause)
# http://www.freebsd.org/copyright/freebsd-license.html
# http://www.freebsd.org/copyright/freebsd-license.html
License: BSD
License: BSD
URL: https ://nginx.org
URL: http://nginx.org/
Source0: https://nginx.org/download/nginx-%{version}.tar.gz
Source0: https://nginx.org/download/nginx-%{version}.tar.gz
Source1: https://nginx.org/download/nginx-%{version}.tar.gz.asc
# Keys are found here: https://nginx.org/en/pgp_keys.html
Source2: https://nginx.org/keys/maxim.key
Source3: https://nginx.org/keys/mdounin.key
Source4: https://nginx.org/keys/sb.key
Source10: nginx.service
Source10: nginx.service
Source11: nginx.logrotate
Source11: nginx.logrotate
Source12: nginx.conf
Source12: nginx.conf
Source13: nginx-upgrade
Source13: nginx-upgrade
Source14: nginx-upgrade.8
Source14: nginx-upgrade.8
Source15: macros.nginxmods.in
Source100: index.html
Source16: nginxmods.attr
Source101: poweredby.png
Source102: nginx-logo.png
Source102: nginx-logo.png
Source103: 404.html
Source103: 404.html
Source104: 50x.html
Source104: 50x.html
@ -70,91 +44,61 @@ Source210: UPGRADE-NOTES-1.6-to-1.10
# removes -Werror in upstream build scripts. -Werror conflicts with
# removes -Werror in upstream build scripts. -Werror conflicts with
# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
Patch0: 0001-remove-Werror-in-upstream-build-scripts .patch
Patch0: nginx-auto-cc-gcc .patch
# downstream patch - fix PIDFile race condition (rhbz#1869026)
# downstream patch - changing logs permissions to 664 instead
# rejected upstream: https://trac.nginx.org/nginx/ticket/1897
# previous 644
Patch1: 0002-fix-PIDFile-handling .patch
Patch1: nginx-1.14.0-logs-perm .patch
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=1955564
# PKCS#11 engine fix
Patch2: 0003-Support-loading-cert-hardware-token-PKC .patch
Patch2: nginx-1.16.0-pkcs11 .patch
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006822
# https://bugzilla.redhat.com/show_bug.cgi?id=1655530
Patch3: 0004-Set-proper-compiler-optimalization-level-O2-for-perl .patch
Patch3: nginx-1.14.1-perl-module-hardening .patch
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006420
# https://bugzilla.redhat.com/show_bug.cgi?id=1643647
Patch4: 0005-Init-openssl-engine-properly .patch
Patch4: nginx-1.16.0-enable-tls1v3-by-default .patch
# upstream patch - fixing ALPACA(CVE-2021-3618) security issue - https://bugzilla.redhat.com/show_bug.cgi?id=1975623
# https://bugzilla.redhat.com/show_bug.cgi?id=1790277
Patch5: 0006-Fix-ALPACA-security-issue .patch
Patch5: nginx-1.16.1-CVE-2019-20372 .patch
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=202878 1
# https://bugzilla.redhat.com/show_bug.cgi?id=1963174
Patch6: 0007-Enable-TLSv1.3-by-default .patch
Patch6: nginx-1.16.0-CVE-2021-23017 .patch
# security patch - https://issues.redhat.com/browse/RHEL-12518
Patch7: 0008-CVE-2023-44487-HTTP-2-per-iteration-stream-handling.patch
# upstream patch - https://issues.redhat.com/browse/RHEL-40075
Patch8: 0009-Optimized-chain-link-usage.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: gnupg2
%if 0%{?with_gperftools}
%if 0%{?with_gperftools}
BuildRequires: gperftools-devel
BuildRequires: gperftools-devel
%endif
%endif
%if 0%{?fedora} || 0%{?rhel} >= 8
BuildRequires: openssl-devel
BuildRequires: openssl-devel
%else
BuildRequires: openssl11-devel
%endif
BuildRequires: pcre-devel
BuildRequires: pcre-devel
BuildRequires: zlib-devel
BuildRequires: zlib-devel
Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
%if 0%{?el7}
# centos-logos el7 does not provide 'system-indexhtml'
%if 0%{?rhel} > 0 && 0%{?rhel} < 8
Requires: system-logos redhat-indexhtml
# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
# need to remove epel7 geoip sub-package, doesn't work anymore
Requires: nginx-all-modules = %{epoch}:%{version}-%{release}
# https://bugzilla.redhat.com/show_bug.cgi?id=1576034
# https://bugzilla.redhat.com/show_bug.cgi?id=1664957
Obsoletes: nginx-mod-http-geoip <= 1:1.16
%else
Requires: system-logos-httpd
%endif
%endif
Requires: openssl
Requires: pcre
Requires: pcre
Provides: webserver
Requires(pre): nginx-filesystem
%if 0%{?fedora} || 0%{?rhel} >= 8
%if 0%{?with_mailcap_mimetypes}
Recommends: logrotate
Requires: nginx-mimetypes
%endif
%endif
Requires: %{name}-core = %{epoch}:%{version}-%{release}
Provides: webserver
BuildRequires: systemd
BuildRequires: systemd
Requires(post): systemd
Requires(post): systemd
Requires(preun): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(postun): systemd
# For external nginx modules
Provides: nginx(abi) = %{nginx_abiversion}
%description
%description
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
memory usage.
%package core
Summary: nginx minimal core
%if 0%{?with_mailcap_mimetypes}
Requires: nginx-mimetypes
%endif
Requires: openssl-libs
Requires(pre): nginx-filesystem
Conflicts: nginx < 1:1.20.1-13
%description core
nginx minimal core
%package all-modules
%package all-modules
Group: System Environment/Daemons
Summary: A meta package that installs all available Nginx modules
Summary: A meta package that installs all available Nginx modules
BuildArch: noarch
BuildArch: noarch
@ -168,9 +112,10 @@ Requires: nginx-mod-mail = %{epoch}:%{version}-%{release}
Requires: nginx-mod-stream = %{epoch}:%{version}-%{release}
Requires: nginx-mod-stream = %{epoch}:%{version}-%{release}
%description all-modules
%description all-modules
Meta package that installs all available n ginx modules.
A meta package that installs all available N ginx modules.
%package filesystem
%package filesystem
Group: System Environment/Daemons
Summary: The basic directory layout for the Nginx server
Summary: The basic directory layout for the Nginx server
BuildArch: noarch
BuildArch: noarch
Requires(pre): shadow-utils
Requires(pre): shadow-utils
@ -182,9 +127,10 @@ directories.
%if %{with geoip}
%if %{with geoip}
%package mod-http-geoip
%package mod-http-geoip
Group: System Environment/Daemons
Summary: Nginx HTTP geoip module
Summary: Nginx HTTP geoip module
BuildRequires: GeoIP-devel
BuildRequires: GeoIP-devel
Requires: nginx(abi) = %{nginx_abiversion}
Requires: nginx
Requires: GeoIP
Requires: GeoIP
%description mod-http-geoip
%description mod-http-geoip
@ -192,22 +138,24 @@ Requires: GeoIP
%endif
%endif
%package mod-http-image-filter
%package mod-http-image-filter
Group: System Environment/Daemons
Summary: Nginx HTTP image filter module
Summary: Nginx HTTP image filter module
BuildRequires: gd-devel
BuildRequires: gd-devel
Requires: nginx(abi) = %{nginx_abiversion}
Requires: nginx
Requires: gd
Requires: gd
%description mod-http-image-filter
%description mod-http-image-filter
%{summary}.
%{summary}.
%package mod-http-perl
%package mod-http-perl
Group: System Environment/Daemons
Summary: Nginx HTTP perl module
Summary: Nginx HTTP perl module
BuildRequires: perl-devel
BuildRequires: perl-devel
%if 0%{?fedora} >= 24 || 0%{?rhel} >= 7
%if 0%{?fedora} >= 24
BuildRequires: perl-generators
BuildRequires: perl-generators
%endif
%endif
BuildRequires: perl(ExtUtils::Embed)
BuildRequires: perl(ExtUtils::Embed)
Requires: nginx(abi) = %{nginx_abiversion}
Requires: nginx
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: perl(constant)
Requires: perl(constant)
@ -215,59 +163,41 @@ Requires: perl(constant)
%{summary}.
%{summary}.
%package mod-http-xslt-filter
%package mod-http-xslt-filter
Group: System Environment/Daemons
Summary: Nginx XSLT module
Summary: Nginx XSLT module
BuildRequires: libxslt-devel
BuildRequires: libxslt-devel
Requires: nginx(abi) = %{nginx_abiversion}
Requires: nginx
%description mod-http-xslt-filter
%description mod-http-xslt-filter
%{summary}.
%{summary}.
%package mod-mail
%package mod-mail
Group: System Environment/Daemons
Summary: Nginx mail modules
Summary: Nginx mail modules
Requires: nginx(abi) = %{nginx_abiversion}
Requires: nginx
%description mod-mail
%description mod-mail
%{summary}.
%{summary}.
%package mod-stream
%package mod-stream
Group: System Environment/Daemons
Summary: Nginx stream modules
Summary: Nginx stream modules
Requires: nginx(abi) = %{nginx_abiversion}
Requires: nginx
%description mod-stream
%description mod-stream
%{summary}.
%{summary}.
%package mod-devel
Summary: Nginx module development files
Requires: nginx = %{epoch}:%{version}-%{release}
Requires: make
Requires: gcc
Requires: gd-devel
%if 0%{?with_gperftools}
Requires: gperftools-devel
%endif
%if %{with geoip}
Requires: GeoIP-devel
%endif
Requires: libxslt-devel
%if 0%{?fedora} || 0%{?rhel} >= 8
Requires: openssl-devel
%else
Requires: openssl11-devel
%endif
Requires: pcre-devel
Requires: perl-devel
Requires: perl(ExtUtils::Embed)
Requires: zlib-devel
%description mod-devel
%{summary}.
%prep
%prep
# Combine all keys from upstream into one file
%setup -q
cat %{S:2} %{S:3} %{S:4} > %{_builddir}/%{name}.gpg
%patch0 -p0
%{gpgverify} --keyring='%{_builddir}/%{name}.gpg' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%patch1 -p1
%autosetup -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
%if 0%{?rhel} > 0 && 0%{?rhel} < 8
%if 0%{?rhel} > 0 && 0%{?rhel} < 8
@ -275,17 +205,6 @@ sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service
sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf
sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf
%endif
%endif
%if 0%{?rhel} == 7
sed \
-e 's|\(ngx_feature_path=\)$|\1%{_includedir}/openssl11|' \
-e 's|\(ngx_feature_libs="\)|\1-L%{_libdir}/openssl11 |' \
-i auto/lib/openssl/conf
%endif
# Prepare sources for installation
cp -a ../%{name}-%{version} ../%{name}-%{version}-%{release}-src
mv ../%{name}-%{version}-%{release}-src .
%build
%build
# nginx does not utilize a standard configure script. It has its own
# nginx does not utilize a standard configure script. It has its own
@ -293,12 +212,10 @@ mv ../%{name}-%{version}-%{release}-src .
# to error out. This is is also the reason for the DESTDIR environment
# to error out. This is is also the reason for the DESTDIR environment
# variable.
# variable.
export DESTDIR=%{buildroot}
export DESTDIR=%{buildroot}
# So the perl module finds its symbols:
./configure \
nginx_ldopts="$RPM_LD_FLAGS -Wl,-E"
if ! ./configure \
--prefix=%{_datadir}/nginx \
--prefix=%{_datadir}/nginx \
--sbin-path=%{_sbindir}/nginx \
--sbin-path=%{_sbindir}/nginx \
--modules-path=%{nginx_moduledir} \
--modules-path=%{_libdir}/nginx/modules \
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
--error-log-path=%{_localstatedir}/log/nginx/error.log \
--error-log-path=%{_localstatedir}/log/nginx/error.log \
--http-log-path=%{_localstatedir}/log/nginx/access.log \
--http-log-path=%{_localstatedir}/log/nginx/access.log \
@ -311,56 +228,51 @@ if ! ./configure \
--lock-path=/run/lock/subsys/nginx \
--lock-path=/run/lock/subsys/nginx \
--user=%{nginx_user} \
--user=%{nginx_user} \
--group=%{nginx_user} \
--group=%{nginx_user} \
--with-compat \
--with-debug \
%if 0%{?with_aio}
%if 0%{?with_aio}
--with-file-aio \
--with-file-aio \
%endif
%endif
%if 0%{?with_gperftools}
--with-ipv6 \
--with-google_perftools_module \
--with-http_ssl_module \
%endif
--with-http_v2_module \
--with-http_realip_module \
--with-stream_ssl_preread_module \
--with-http_addition_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_dav_module \
--with-http_image_filter_module=dynamic \
--with-http_degradation_module \
--with-http_flv_module \
%if %{with geoip}
%if %{with geoip}
--with-http_geoip_module=dynamic \
--with-http_geoip_module=dynamic \
%endif
%endif
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_gzip_static_module \
--with-http_image_filter_module=dynamic \
--with-http_mp4_module \
--with-http_perl_module=dynamic \
--with-http_random_index_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_perl_module=dynamic \
--with-http_v2_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-mail=dynamic \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-mail_ssl_module \
--with-pcre \
--with-pcre \
--with-pcre-jit \
--with-pcre-jit \
--with-stream=dynamic \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
%if 0%{?with_gperftools}
--with-threads \
--with-google_perftools_module \
%endif
--with-debug \
--with-cc-opt="%{optflags} $(pcre-config --cflags)" \
--with-cc-opt="%{optflags} $(pcre-config --cflags)" \
--with-ld-opt="$nginx_ldopts"; then
--with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols
: configure failed
cat objs/autoconf.err
exit 1
fi
%make_build
make %{?_smp_mflags}
%install
%install
%make_install INSTALLDIRS=vendor
make install DESTDIR=%{buildroot} INSTALLDIRS=vendor
find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
@ -383,39 +295,15 @@ install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
install -p -d -m 0755 %{buildroot}%{nginx_moduleconfdir}
install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules
install -p -d -m 0755 %{buildroot}%{nginx_moduledir}
install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
install -p -m 0644 ./nginx.conf \
install -p -m 0644 ./nginx.conf \
%{buildroot}%{_sysconfdir}/nginx
%{buildroot}%{_sysconfdir}/nginx
install -p -m 0644 %{SOURCE100} \
rm -f %{buildroot}%{_datadir}/nginx/html/index.html
%{buildroot}%{_datadir}/nginx/html
%if 0%{?el7}
install -p -m 0644 %{SOURCE101} %{SOURCE102} \
ln -s ../../doc/HTML/index.html \
%{buildroot}%{_datadir}/nginx/html/index.html
ln -s ../../doc/HTML/img \
%{buildroot}%{_datadir}/nginx/html/img
ln -s ../../doc/HTML/en-US \
%{buildroot}%{_datadir}/nginx/html/en-US
%else
ln -s ../../testpage/index.html \
%{buildroot}%{_datadir}/nginx/html/index.html
%endif
install -p -m 0644 %{SOURCE102} \
%{buildroot}%{_datadir}/nginx/html
%{buildroot}%{_datadir}/nginx/html
ln -s nginx-logo.png %{buildroot}%{_datadir}/nginx/html/poweredby.png
mkdir -p %{buildroot}%{_datadir}/nginx/html/icons
# Symlink for the powered-by-$DISTRO image:
ln -s ../../../pixmaps/poweredby.png \
%{buildroot}%{_datadir}/nginx/html/icons/poweredby.png
%if 0%{?rhel} >= 9
ln -s ../../pixmaps/system-noindex-logo.png \
%{buildroot}%{_datadir}/nginx/html/system_noindex_logo.png
%endif
install -p -m 0644 %{SOURCE103} %{SOURCE104} \
install -p -m 0644 %{SOURCE103} %{SOURCE104} \
%{buildroot}%{_datadir}/nginx/html
%{buildroot}%{_datadir}/nginx/html
@ -429,41 +317,25 @@ install -p -D -m 0644 %{_builddir}/nginx-%{version}/objs/nginx.8 \
install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
for i in ftdetect ftplugin indent syntax; do
for i in ftdetect indent syntax; do
install -p -D -m644 contrib/vim/${i}/nginx.vim \
install -p -D -m644 contrib/vim/${i}/nginx.vim \
%{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
%{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
done
done
%if %{with geoip}
%if %{with geoip}
echo 'load_module "%{nginx_moduledir} /ngx_http_geoip_module.so";' \
echo 'load_module "%{_libdir}/nginx/modules /ngx_http_geoip_module.so";' \
> %{buildroot}%{nginx_moduleconfdir} /mod-http-geoip.conf
> %{buildroot}%{_datadir}/nginx/modules /mod-http-geoip.conf
%endif
%endif
echo 'load_module "%{nginx_moduledir}/ngx_http_image_filter_module.so";' \
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \
> %{buildroot}%{nginx_moduleconfdir}/mod-http-image-filter.conf
> %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf
echo 'load_module "%{nginx_moduledir}/ngx_http_perl_module.so";' \
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \
> %{buildroot}%{nginx_moduleconfdir}/mod-http-perl.conf
> %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf
echo 'load_module "%{nginx_moduledir}/ngx_http_xslt_filter_module.so";' \
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \
> %{buildroot}%{nginx_moduleconfdir}/mod-http-xslt-filter.conf
> %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
echo 'load_module "%{nginx_moduledir}/ngx_mail_module.so";' \
echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \
> %{buildroot}%{nginx_moduleconfdir}/mod-mail.conf
> %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf
echo 'load_module "%{nginx_moduledir}/ngx_stream_module.so";' \
echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
> %{buildroot}%{nginx_moduleconfdir}/mod-stream.conf
> %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf
# Install files for supporting nginx module builds
## Install source files
mkdir -p %{buildroot}%{_usrsrc}
mv %{name}-%{version}-%{release}-src %{buildroot}%{nginx_srcdir}
## Install rpm macros
mkdir -p %{buildroot}%{_rpmmacrodir}
sed -e "s|@@NGINX_ABIVERSION@@|%{nginx_abiversion}|g" \
-e "s|@@NGINX_MODDIR@@|%{nginx_moduledir}|g" \
-e "s|@@NGINX_MODCONFDIR@@|%{nginx_moduleconfdir}|g" \
-e "s|@@NGINX_SRCDIR@@|%{nginx_srcdir}|g" \
%{SOURCE15} > %{buildroot}%{_rpmmacrodir}/macros.nginxmods
## Install dependency generator
install -Dpm0644 -t %{buildroot}%{_fileattrsdir} %{SOURCE16}
%pre filesystem
%pre filesystem
getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
@ -517,24 +389,21 @@ if [ $1 -ge 1 ]; then
fi
fi
%files
%files
%license LICENSE
%doc CHANGES README README.dynamic
%if 0%{?rhel} == 7
%if 0%{?rhel} == 7
%doc UPGRADE-NOTES-1.6-to-1.10
%doc UPGRADE-NOTES-1.6-to-1.10
%endif
%endif
%{_datadir}/nginx/html/*
%{_datadir}/nginx/html/*
%{_bindir}/nginx-upgrade
%{_bindir}/nginx-upgrade
%{_sbindir}/nginx
%{_datadir}/vim/vimfiles/ftdetect/nginx.vim
%{_datadir}/vim/vimfiles/ftdetect/nginx.vim
%{_datadir}/vim/vimfiles/ftplugin/nginx.vim
%{_datadir}/vim/vimfiles/syntax/nginx.vim
%{_datadir}/vim/vimfiles/syntax/nginx.vim
%{_datadir}/vim/vimfiles/indent/nginx.vim
%{_datadir}/vim/vimfiles/indent/nginx.vim
%{_mandir}/man3/nginx.3pm*
%{_mandir}/man3/nginx.3pm*
%{_mandir}/man8/nginx.8*
%{_mandir}/man8/nginx.8*
%{_mandir}/man8/nginx-upgrade.8*
%{_mandir}/man8/nginx-upgrade.8*
%{_unitdir}/nginx.service
%{_unitdir}/nginx.service
%files core
%license LICENSE
%doc CHANGES README README.dynamic
%{_sbindir}/nginx
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
@ -555,11 +424,8 @@ fi
%config(noreplace) %{_sysconfdir}/logrotate.d/nginx
%config(noreplace) %{_sysconfdir}/logrotate.d/nginx
%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx
%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx
%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp
%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp
%attr(711,root,root) %dir %{_localstatedir}/log/nginx
%attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/nginx
%ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/access.log
%dir %{_libdir}/nginx/modules
%ghost %attr(640,%{nginx_user},root) %{_localstatedir}/log/nginx/error.log
%dir %{nginx_moduledir}
%dir %{nginx_moduleconfdir}
%files all-modules
%files all-modules
@ -574,217 +440,106 @@ fi
%if %{with geoip}
%if %{with geoip}
%files mod-http-geoip
%files mod-http-geoip
%{nginx_moduleconfdir} /mod-http-geoip.conf
%{_datadir}/nginx/modules /mod-http-geoip.conf
%{nginx_moduledir} /ngx_http_geoip_module.so
%{_libdir}/nginx/modules /ngx_http_geoip_module.so
%endif
%endif
%files mod-http-image-filter
%files mod-http-image-filter
%{nginx_moduleconfdir} /mod-http-image-filter.conf
%{_datadir}/nginx/modules /mod-http-image-filter.conf
%{nginx_moduledir} /ngx_http_image_filter_module.so
%{_libdir}/nginx/modules /ngx_http_image_filter_module.so
%files mod-http-perl
%files mod-http-perl
%{nginx_moduleconfdir} /mod-http-perl.conf
%{_datadir}/nginx/modules /mod-http-perl.conf
%{nginx_moduledir} /ngx_http_perl_module.so
%{_libdir}/nginx/modules /ngx_http_perl_module.so
%dir %{perl_vendorarch}/auto/nginx
%dir %{perl_vendorarch}/auto/nginx
%{perl_vendorarch}/nginx.pm
%{perl_vendorarch}/nginx.pm
%{perl_vendorarch}/auto/nginx/nginx.so
%{perl_vendorarch}/auto/nginx/nginx.so
%files mod-http-xslt-filter
%files mod-http-xslt-filter
%{nginx_moduleconfdir} /mod-http-xslt-filter.conf
%{_datadir}/nginx/modules /mod-http-xslt-filter.conf
%{nginx_moduledir} /ngx_http_xslt_filter_module.so
%{_libdir}/nginx/modules /ngx_http_xslt_filter_module.so
%files mod-mail
%files mod-mail
%{nginx_moduleconfdir} /mod-mail.conf
%{_datadir}/nginx/modules /mod-mail.conf
%{nginx_moduledir} /ngx_mail_module.so
%{_libdir}/nginx/modules /ngx_mail_module.so
%files mod-stream
%files mod-stream
%{nginx_moduleconfdir}/mod-stream.conf
%{_datadir}/nginx/modules/mod-stream.conf
%{nginx_moduledir}/ngx_stream_module.so
%{_libdir}/nginx/modules/ngx_stream_module.so
%files mod-devel
%{_rpmmacrodir}/macros.nginxmods
%{_fileattrsdir}/nginxmods.attr
%{nginx_srcdir}/
%changelog
%changelog
* Tue Jul 16 2024 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-16.1
* Tue May 25 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.16.1-2.1
- Resolves: RHEL-48791 - nginx worker processes memory leak
- Resolves: #1963174 - CVE-2021-23017 nginx:1.16/nginx: Off-by-one in
ngx_resolver_copy() when labels are followed by a pointer to a root
* Mon Oct 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-16
domain name
- Resolves: RHEL-12518 - nginx: HTTP/2: Multiple HTTP/2 enabled web servers are
vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* Mon Nov 23 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-2
- Resolves: #1798230 - CVE-2019-20372 nginx:1.16/nginx: HTTP request smuggling
* Thu Nov 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-14
via error pages in http/ngx_http_special_response.c
- Resolves: #2086527 - Fix logrotate config and nginx log dir permissions
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
* Wed Jun 22 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-13
- update to 1.16.1
- Resolves: #2099752 - nginx minimisation for ubi-micro
- Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount
of data request leads to denial of service
* Tue Jun 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-11
- Resolves: #1745690 - CVE-2019-9513 nginx:1.16/nginx: HTTP/2: flood using
- Resolves: #2028781 - Protocol : TLSv1.3 missing in rhel9
PRIORITY frames resulting in excessive resource consumption
- Resolves: #1745645 - CVE-2019-9516 nginx:1.16/nginx: HTTP/2: 0-length
* Wed Feb 02 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-10
headers leads to denial of service
- Resolves: #1975747 - CVE-2021-3618 nginx: ALPACA: Application Layer Protocol
Confusion - Analyzing and Mitigating Cracks in TLS Authentication
* Wed Jun 26 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-2
- Resolves: #1718929 - ssl_protocols config option has faulty behavior
* Thu Dec 2 2021 Joe Orton <jorton@redhat.com> - 1:1.20.1-9
in nginx:1.16
- add delaycompress to logrotate config (#2015250)
* Mon May 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.0-1
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-8
- new version 1.16.0
- Resolves: #2007019 - use proper wording in error pages
- enable ngx_stream_ssl_preread module
- main package does NOT require all-modules package
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-7
- Resolves: #2006420 - Broken loading certificates from hardware token (PKCS#11)
* Wed Dec 12 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-8
- enable TLS 1.3 by default (#1643647)
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-6
- TLSv1.0 and TLSv1.1 can be enabled now (#1644746)
- Resolves: #2006822 - Hardening tests fail for nginx
* Tue Sep 21 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-5
- Add -mod-devel subpackage for building external nginx modules
Resolves: rhbz#1991720 (Neal Gompa)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.20.1-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Aug 09 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-3
- Resolves: #1991600 - Add logo symlink required by new testpage
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.20.1-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Wed Jun 02 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-1
- new version 1.20.1
- Resolves: #1964814 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy()
when labels are followed by a pointer to a root domain name
* Fri Apr 30 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.20.0-5
- Resolves: #1955564 - [RFE] Support loading certificates from hardware
token (PKCS#11)
* Fri Apr 30 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.20.0-4
- Resolves: #1955560 - centralizing default index.html on nginx
* Mon Apr 26 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.20.0-3
- Resolve: #1953639 - Rebase nginx to 1.20
* Wed Apr 21 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.0-2
- sync rawhide and EPEL7 spec files again
- systemd service reload now checks config file (rhbz#1565377)
- drop nginx requirement on nginx-all-modules (rhbz#1708799)
- let nginx handle log creation on logrotate (rhbz#1683388)
- have log directory owned by root (rhbz#1390183, CVE-2016-1247)
- remove obsolete --with-ipv6 (src PR#8)
- correction: pcre2 is actually not supported by nginx, reintroduce pcre
* Wed Apr 21 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.0-1
- update to 1.20.0
- sync with mainline spec file
- order configure options alphabetically for easier comparinggit
- add --with-compat option (rhbz#1834452)
- add patch to fix PIDFile race condition (rhbz#1869026)
- use pcre2 instead of pcre (rhbz#1938984)
- add Wants=network-online.target to systemd unit (rhbz#1943779)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.18.0-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Feb 22 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-5
- Resolves: #1931402 - drop gperftools module
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.18.0-2
- Perl 5.32 rebuild
* Fri Apr 24 2020 Felix Kaechele <heffer@fedoraproject.org> - 1:1.18.0-1
- Update to 1.18.0
- Increased types_hash_max_size to 4096 in default config
- Add gpg source verification
- Add Recommends: logrotate
- Drop location / from default config (rhbz#1564768)
- Drop default_sever from default config (rhbz#1373822)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.16.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Sep 15 2019 Warren Togami <warren@blockstream.com>
- add conditionals for EPEL7, see rhbz#1750857
* Tue Aug 13 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.1-1
- Update to upstream release 1.16.1
- Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.16.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.16.0-4
- Perl 5.30 rebuild
* Tue May 14 2019 Stephen Gallagher <sgallagh@redhat.com> - 1.16.0-3
- Move to common default index.html
- Resolves: rhbz#1636235
* Tue May 07 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.0-2
- Add missing directory for vim plugin
* Fri Apr 26 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.16.0-1
- Update to upstream release 1.16.0
* Mon Mar 04 2019 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.15.9-1
- Update to upstream release 1.15.9
- Enable ngx_stream_ssl_preread module
- Remove redundant conditionals
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.14.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:1.14.1-4
- Rebuilt for libcrypt.so.2 (#1666033)
* Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 1:1.14.1-3
* Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 1:1.14.1-3
- fix unexpanded paths in nginx(8)
- fix unexpanded paths in nginx(8) (#1643069)
* Tue Nov 20 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.1-2
* Mon Dec 03 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-2
- Resolves: #1655530 - Hardening tests fail for nginx
* Mon Nov 19 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-1
- new version 1.14.1
- new version 1.14.1
- Resolves: #1584426 - Upstream Nginx 1.14.0 is now available
- Resolves: #1647257 - CVE-2018-16845 nginx: Denial of service and
- Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory
memory disclosure via mp4 module
disclosure via mp4 module
- Resolves: #1647262 - CVE-2018-16844 nginx: Excessive CPU usage
- Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption
via flaw in HTTP/2 implementation
- Resolves: #1647263 - CVE-2018-16843 nginx: Excessive memory consumption
via flaw in HTTP/2 implementation
via flaw in HTTP/2 implementation
- Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw
in HTTP/2 implementation
* Mon Aug 06 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-14
* Wed Aug 8 2018 Joe Orton <jorton@redhat.com> - 1:1.14.0-3
- add requires on perl(constant) for mod-http-perl
- fix PKCS#11 support (Anderson Sasaki, #1545526)
* Mon Jul 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-13
* Mon Aug 06 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.0-2
- don't build with geoip by default
- add dependency on perl(constant)
* Mon Jul 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1
- Resolves: #1558420 - directory permissions are now correct after processing
USR1 signal
- Resolves: #1601414 - nginx: drop GeoIP support
* Thu Jul 19 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-12
* Thu Jul 19 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-12
- add build conditional for geoip support
- add build conditional for geoip support
* Mon Jul 16 2018 Tadej Janež <tadej.j@nez.si> - 1:1.12.1-11
* Thu May 03 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.14.0-1
- Add gcc to BuildRequires to account for
- new version 1.14.0
https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik @redhat.com> - 1:1.12.1-9
* Wed Apr 25 2018 Luboš Uhliarik <luhliari@redhat.com> - 1:1.12.1-9
- Perl 5.28 rebuild
- changed directory permissions (#1558420)
* Mon May 14 2018 Luboš Uhliarik <luhliari @redhat.com> - 1:1.12.1-8
* Fri Mar 23 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-8
- Related: #1573942 - nginx fails on start
- disable gperftools (#1496868)
* Wed May 02 2018 Luboš Uhliarik <luhliari @redhat.com> - 1:1.12.1-7
* Thu Mar 22 2018 Joe Orton <jorton@redhat.com> - 1:1.12.1-7
- Resolves: #1573942 - nginx fails on start
- update branding (#1512565)
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-6
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild