diff options
| author | CoprDistGit <infra@openeuler.org> | 2024-10-31 07:11:45 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2024-10-31 07:11:45 +0000 |
| commit | 6c94cd3bcc5f9cae45fa80e3048d7cb395f05796 (patch) | |
| tree | d912ce6e29bf07d987257bba72caf31c5473c4b6 | |
| parent | 85df9bedbac03a69d4687d8a3d75fe5e6ba2dce7 (diff) | |
automatic import of nginxopeneuler24.03_LTS
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | 404.html | 114 | ||||
| -rw-r--r-- | 50x.html | 114 | ||||
| -rw-r--r-- | README.dynamic | 20 | ||||
| -rw-r--r-- | UPGRADE-NOTES-1.6-to-1.10 | 88 | ||||
| -rw-r--r-- | backport-CVE-2023-44487.patch | 76 | ||||
| -rw-r--r-- | backport-CVE-2024-7347.patch | 43 | ||||
| -rw-r--r-- | index.html | 111 | ||||
| -rw-r--r-- | macros.nginxmods.in | 20 | ||||
| -rw-r--r-- | nginx-1.12.1-logs-perm.patch | 13 | ||||
| -rw-r--r-- | nginx-auto-cc-gcc.patch | 10 | ||||
| -rw-r--r-- | nginx-fix-pidfile.patch | 89 | ||||
| -rw-r--r-- | nginx-upgrade | 19 | ||||
| -rw-r--r-- | nginx.conf | 83 | ||||
| -rw-r--r-- | nginx.logrotate | 13 | ||||
| -rw-r--r-- | nginx.service | 20 | ||||
| -rw-r--r-- | nginx.spec | 464 | ||||
| -rw-r--r-- | nginxmods.attr | 14 | ||||
| -rw-r--r-- | sources | 2 |
19 files changed, 1315 insertions, 0 deletions
@@ -0,0 +1,2 @@ +/nginx-1.27.2.tar.gz +/nginx-logo.png diff --git a/404.html b/404.html new file mode 100644 index 0000000..4c28a42 --- /dev/null +++ b/404.html @@ -0,0 +1,114 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <title>The page is not found</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <style type="text/css"> + /*<![CDATA[*/ + body { + background-color: #fff; + color: #000; + font-size: 0.9em; + font-family: sans-serif,helvetica; + margin: 0; + padding: 0; + } + :link { + color: #c00; + } + :visited { + color: #c00; + } + a:hover { + color: #f50; + } + h1 { + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; + background-color: #294172; + color: #fff; + font-weight: normal; + font-size: 1.75em; + border-bottom: 2px solid #000; + } + h1 strong { + font-weight: bold; + font-size: 1.5em; + } + h2 { + text-align: center; + background-color: #3C6EB4; + font-size: 1.1em; + font-weight: bold; + color: #fff; + margin: 0; + padding: 0.5em; + border-bottom: 2px solid #294172; + } + h3 { + text-align: center; + background-color: #ff0000; + padding: 0.5em; + color: #fff; + } + hr { + display: none; + } + .content { + padding: 1em 5em; + } + .alert { + border: 2px solid #000; + } + + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /*]]>*/ + </style> + </head> + + <body> + <h1><strong>nginx error!</strong></h1> + + <div class="content"> + + <h3>The page you are looking for is not found.</h3> + + <div class="alert"> + <h2>Website Administrator</h2> + <div class="content"> + <p>Something has triggered missing webpage on your + website. This is the default 404 error page for + <strong>nginx</strong> that is distributed with + openEuler. It is located + <tt>/usr/share/nginx/html/404.html</tt></p> + + <p>You should customize this error page for your own + site or edit the <tt>error_page</tt> directive in + the <strong>nginx</strong> configuration file + <tt>/etc/nginx/nginx.conf</tt>.</p> + + </div> + </div> + + <div class="logos"> + <a href="http://nginx.net/"><img + src="/nginx-logo.png" + alt="[ Powered by nginx ]" + width="121" height="32" /></a> + </div> + </div> + </body> +</html> diff --git a/50x.html b/50x.html new file mode 100644 index 0000000..ff40fd9 --- /dev/null +++ b/50x.html @@ -0,0 +1,114 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <title>The page is temporarily unavailable</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <style type="text/css"> + /*<![CDATA[*/ + body { + background-color: #fff; + color: #000; + font-size: 0.9em; + font-family: sans-serif,helvetica; + margin: 0; + padding: 0; + } + :link { + color: #c00; + } + :visited { + color: #c00; + } + a:hover { + color: #f50; + } + h1 { + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; + background-color: #294172; + color: #fff; + font-weight: normal; + font-size: 1.75em; + border-bottom: 2px solid #000; + } + h1 strong { + font-weight: bold; + font-size: 1.5em; + } + h2 { + text-align: center; + background-color: #3C6EB4; + font-size: 1.1em; + font-weight: bold; + color: #fff; + margin: 0; + padding: 0.5em; + border-bottom: 2px solid #294172; + } + h3 { + text-align: center; + background-color: #ff0000; + padding: 0.5em; + color: #fff; + } + hr { + display: none; + } + .content { + padding: 1em 5em; + } + .alert { + border: 2px solid #000; + } + + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /*]]>*/ + </style> + </head> + + <body> + <h1><strong>nginx error!</strong></h1> + + <div class="content"> + + <h3>The page you are looking for is temporarily unavailable. Please try again later.</h3> + + <div class="alert"> + <h2>Website Administrator</h2> + <div class="content"> + <p>Something has triggered an error on your + website. This is the default error page for + <strong>nginx</strong> that is distributed with + openEuler. It is located + <tt>/usr/share/nginx/html/50x.html</tt></p> + + <p>You should customize this error page for your own + site or edit the <tt>error_page</tt> directive in + the <strong>nginx</strong> configuration file + <tt>/etc/nginx/nginx.conf</tt>.</p> + + </div> + </div> + + <div class="logos"> + <a href="http://nginx.net/"><img + src="/nginx-logo.png" + alt="[ Powered by nginx ]" + width="121" height="32" /></a> + </div> + </div> + </body> +</html> diff --git a/README.dynamic b/README.dynamic new file mode 100644 index 0000000..5758858 --- /dev/null +++ b/README.dynamic @@ -0,0 +1,20 @@ +############### +Dynamic modules +############### + +Dynamic modules are loaded using the "load_modules" directive. The RPM package +for each module has a '.conf' file in the /usr/share/nginx/modules directory. +The '.conf' file contains a single "load_modules" directive. + +This means that whenever a new dynamic module is installed, it will +automatically be enabled and Nginx will be reloaded. + +-------------------------------------------------------- +Prevent dynamic modules from being enabled automatically +-------------------------------------------------------- + +You may want to avoid dynamic modules being enabled automatically. Simply +remove this line from the top of /etc/nginx/nginx.conf: + + include /usr/share/nginx/modules/*.conf; + diff --git a/UPGRADE-NOTES-1.6-to-1.10 b/UPGRADE-NOTES-1.6-to-1.10 new file mode 100644 index 0000000..65760bf --- /dev/null +++ b/UPGRADE-NOTES-1.6-to-1.10 @@ -0,0 +1,88 @@ +############# +Upgrade notes +############# + +To resolve numerous security flaws, the nginx package was updated to 1.10.x. + +You should review your configuration files in /etc/nginx to determine if there +are any incompatibilities. Below is a summary of the main incompatible changes. +Some nginx directives have been changed or removed, so you may need to modify +your configuration. + +Please see upstream release notes for a complete list of new features, +bug fixes, and changes: http://nginx.org/en/CHANGES-1.10 +One notable feature is support for HTTP/2. + +Nginx gained support for dynamic modules. As part of this update, dynamic +modules have been split into subpackages. For the time being these are hard +dependencies to aid the upgrade path. When you install nginx, all of these +modules are installed and enabled by default: + - nginx-mod-http-geoip + - nginx-mod-http-image-filter + - nginx-mod-http-perl + - nginx-mod-http-xslt-filter + - nginx-mod-mail + - nginx-mod-stream + +Changes with nginx 1.10.x + + *) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer + passed to the next server by default if a request has been sent to a + backend; the "non_idempotent" parameter of the "proxy_next_upstream" + directive explicitly allows retrying such requests. + + *) Change: now the "output_buffers" directive uses two buffers by + default. + + *) Change: now nginx limits subrequests recursion, not simultaneous + subrequests. + + *) Change: now nginx checks the whole cache key when returning a + response from cache. + Thanks to Gena Makhomed and Sergey Brester. + + *) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer" + directives of the stream module are replaced with the + "proxy_buffer_size" directive. + + *) Change: duplicate "http", "mail", and "stream" blocks are now + disallowed. + + *) Change: now SSLv3 protocol is disabled by default. + + *) Change: some long deprecated directives are not supported anymore. + + *) Change: obsolete aio and rtsig event methods have been removed. + +Changes with nginx 1.8.x + + *) Change: the "sendfile" parameter of the "aio" directive is + deprecated; now nginx automatically uses AIO to pre-load data for + sendfile if both "aio" and "sendfile" directives are used. + + *) Change: now the "If-Modified-Since", "If-Range", etc. client request + header lines are passed to a backend while caching if nginx knows in + advance that the response will not be cached (e.g., when using + proxy_cache_min_uses). + + *) Change: now after proxy_cache_lock_timeout nginx sends a request to a + backend with caching disabled; the new directives + "proxy_cache_lock_age", "fastcgi_cache_lock_age", + "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time + after which the lock will be released and another attempt to cache a + response will be made. + + *) Change: the "log_format" directive can now be used only at http + level. + + *) Change: now nginx takes into account the "Vary" header line in a + backend response while caching. + + *) Change: the deprecated "limit_zone" directive is not supported + anymore. + + *) Change: now the "stub_status" directive does not require a parameter. + + *) Change: URI escaping now uses uppercase hexadecimal digits. + Thanks to Piotr Sikora. + diff --git a/backport-CVE-2023-44487.patch b/backport-CVE-2023-44487.patch new file mode 100644 index 0000000..4731cee --- /dev/null +++ b/backport-CVE-2023-44487.patch @@ -0,0 +1,76 @@ +From 6ceef192e7af1c507826ac38a2d43f08bf265fb9 Mon Sep 17 00:00:00 2001 +From: Maxim Dounin <mdounin@mdounin.ru> +Date: Tue, 10 Oct 2023 15:13:39 +0300 +Subject: [PATCH] HTTP/2: per-iteration stream handling limit. + +To ensure that attempts to flood servers with many streams are detected +early, a limit of no more than 2 * max_concurrent_streams new streams per one +event loop iteration was introduced. This limit is applied even if +max_concurrent_streams is not yet reached - for example, if corresponding +streams are handled synchronously or reset. + +Further, refused streams are now limited to maximum of max_concurrent_streams +and 100, similarly to priority_limit initial value, providing some tolerance +to clients trying to open several streams at the connection start, yet +low tolerance to flooding attempts. + +Conflict: context adapt +Reference: https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9 +--- + src/http/v2/ngx_http_v2.c | 15 +++++++++++++++ + src/http/v2/ngx_http_v2.h | 2 ++ + 2 files changed, 17 insertions(+) + +diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c +index 7c05ff1e78..410a8be24e 100644 +--- a/src/http/v2/ngx_http_v2.c ++++ b/src/http/v2/ngx_http_v2.c +@@ -347,6 +347,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev) + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler"); + + h2c->blocked = 1; ++ h2c->new_streams = 0; + + if (c->close) { + c->close = 0; +@@ -1284,6 +1285,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, + goto rst_stream; + } + ++ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) { ++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, ++ "client sent too many streams at once"); ++ ++ status = NGX_HTTP_V2_REFUSED_STREAM; ++ goto rst_stream; ++ } ++ + if (!h2c->settings_ack + && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) + && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW) +@@ -1349,6 +1358,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, + + rst_stream: + ++ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) { ++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, ++ "client sent too many refused streams"); ++ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR); ++ } ++ + if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) { + return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); + } +diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h +index cb9014ccfb..6751b3026d 100644 +--- a/src/http/v2/ngx_http_v2.h ++++ b/src/http/v2/ngx_http_v2.h +@@ -131,6 +131,8 @@ struct ngx_http_v2_connection_s { + ngx_uint_t processing; + ngx_uint_t frames; + ngx_uint_t idle; ++ ngx_uint_t new_streams; ++ ngx_uint_t refused_streams; + ngx_uint_t priority_limit; + + ngx_uint_t pushing; diff --git a/backport-CVE-2024-7347.patch b/backport-CVE-2024-7347.patch new file mode 100644 index 0000000..d4e44c8 --- /dev/null +++ b/backport-CVE-2024-7347.patch @@ -0,0 +1,43 @@ +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c +--- a/src/http/modules/ngx_http_mp4_module.c ++++ b/src/http/modules/ngx_http_mp4_module.c +@@ -3099,7 +3099,8 @@ static ngx_int_t + ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4, + ngx_http_mp4_trak_t *trak, ngx_uint_t start) + { +- uint32_t start_sample, chunk, samples, id, next_chunk, n, ++ uint64_t n; ++ uint32_t start_sample, chunk, samples, id, next_chunk, + prev_samples; + ngx_buf_t *data, *buf; + ngx_uint_t entries, target_chunk, chunk_samples; +@@ -3155,12 +3156,19 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4 + + next_chunk = ngx_mp4_get_32value(entry->chunk); + ++ if (next_chunk < chunk) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "unordered mp4 stsc chunks in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, + "sample:%uD, chunk:%uD, chunks:%uD, " + "samples:%uD, id:%uD", + start_sample, chunk, next_chunk - chunk, samples, id); + +- n = (next_chunk - chunk) * samples; ++ n = (uint64_t) (next_chunk - chunk) * samples; + + if (start_sample < n) { + goto found; +@@ -3182,7 +3190,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4 + "sample:%uD, chunk:%uD, chunks:%uD, samples:%uD", + start_sample, chunk, next_chunk - chunk, samples); + +- n = (next_chunk - chunk) * samples; ++ n = (uint64_t) (next_chunk - chunk) * samples; + + if (start_sample > n) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, diff --git a/index.html b/index.html new file mode 100644 index 0000000..bacdfb5 --- /dev/null +++ b/index.html @@ -0,0 +1,111 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <title>Test Page for the Nginx HTTP Server on openEuler</title> + <style type="text/css"> + /*<![CDATA[*/ + body { + background-color: #fff; + color: #000; + font-size: 0.9em; + font-family: sans-serif,helvetica; + margin: 0; + padding: 0; + } + :link { + color: #c00; + } + :visited { + color: #c00; + } + a:hover { + color: #f50; + } + h1 { + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; + background-color: #294172; + color: #fff; + font-weight: normal; + font-size: 1.75em; + border-bottom: 2px solid #000; + } + h1 strong { + font-weight: bold; + font-size: 1.5em; + } + h2 { + text-align: center; + background-color: #3C6EB4; + font-size: 1.1em; + font-weight: bold; + color: #fff; + margin: 0; + padding: 0.5em; + border-bottom: 2px solid #294172; + } + hr { + display: none; + } + .content { + padding: 1em 5em; + } + .alert { + border: 2px solid #000; + } + + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /*]]>*/ + </style> + </head> + + <body> + <h1>Welcome to <strong>nginx</strong> on openEuler!</h1> + + <div class="content"> + <p>This page is used to test the proper operation of the + <strong>nginx</strong> HTTP server after it has been + installed. If you can read this page, it means that the + web server installed at this site is working + properly.</p> + + <div class="alert"> + <h2>Website Administrator</h2> + <div class="content"> + <p>This is the default <tt>index.html</tt> page that + is distributed with <strong>nginx</strong> on + openEuler. It is located in + <tt>/usr/share/nginx/html</tt>.</p> + + <p>You should now put your content in a location of + your choice and edit the <tt>root</tt> configuration + directive in the <strong>nginx</strong> + configuration file + <tt>/etc/nginx/nginx.conf</tt>.</p> + + </div> + </div> + + <div class="logos"> + <a href="http://nginx.net/"><img + src="nginx-logo.png" + alt="[ Powered by nginx ]" + width="121" height="32" /></a> + </div> + </div> + </body> +</html> diff --git a/macros.nginxmods.in b/macros.nginxmods.in new file mode 100644 index 0000000..9b612b2 --- /dev/null +++ b/macros.nginxmods.in @@ -0,0 +1,20 @@ +%_nginx_abiversion @@NGINX_ABIVERSION@@ +%_nginx_srcdir @@NGINX_SRCDIR@@ +%_nginx_buildsrcdir nginx-src +%_nginx_modsrcdir .. +%_nginx_modbuilddir ../%{_vpath_builddir} +%nginx_moddir @@NGINX_MODDIR@@ +%nginx_modconfdir @@NGINX_MODCONFDIR@@ + +%nginx_modrequires Requires: nginx(abi) = %{_nginx_abiversion} + +%nginx_modconfigure(:-:) \\\ + %undefine _strict_symbol_defs_build \ + cp -a "%{_nginx_srcdir}" "%{_nginx_buildsrcdir}" \ + cd "%{_nginx_buildsrcdir}" \ + nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" \ + ./configure --with-compat --with-cc-opt="%{optflags} $(pcre-config --cflags)" --with-ld-opt="$nginx_ldopts" \\\ + --add-dynamic-module=$(realpath %{_nginx_modsrcdir}) --builddir=$(realpath %{_nginx_modbuilddir}) %{**} \ + cd - + +%nginx_modbuild %{__make} -C "%{_nginx_buildsrcdir}" %{_make_output_sync} %{?_smp_mflags} %{_make_verbose} modules diff --git a/nginx-1.12.1-logs-perm.patch b/nginx-1.12.1-logs-perm.patch new file mode 100644 index 0000000..4884a84 --- /dev/null +++ b/nginx-1.12.1-logs-perm.patch @@ -0,0 +1,13 @@ +diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c +index aee7a58..bcceecb 100644 +--- a/src/core/ngx_cycle.c ++++ b/src/core/ngx_cycle.c +@@ -1108,7 +1108,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user) + } + + fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND, +- NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS); ++ NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS | 0220); + + ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0, + "reopen file \"%s\", old:%d new:%d", diff --git a/nginx-auto-cc-gcc.patch b/nginx-auto-cc-gcc.patch new file mode 100644 index 0000000..0829d84 --- /dev/null +++ b/nginx-auto-cc-gcc.patch @@ -0,0 +1,10 @@ +--- a/auto/cc/gcc.orig 2007-03-22 08:34:53.000000000 -0600 ++++ b/auto/cc/gcc 2007-03-22 08:58:47.000000000 -0600 +@@ -172,7 +172,6 @@ + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" diff --git a/nginx-fix-pidfile.patch b/nginx-fix-pidfile.patch new file mode 100644 index 0000000..47a16ff --- /dev/null +++ b/nginx-fix-pidfile.patch @@ -0,0 +1,89 @@ +Description: Fix NGINX pidfile handling +Author: Tj <ubuntu@iam.tj> +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876365 +Last-Update: 2020-06-24 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +diff --git a/src/core/nginx.c b/src/core/nginx.c +index 9fcb0eb2..083eba1d 100644 +--- a/src/core/nginx.c ++++ b/src/core/nginx.c +@@ -338,14 +338,21 @@ main(int argc, char *const *argv) + ngx_process = NGX_PROCESS_MASTER; + } + ++ /* tell-tale to detect if this is parent or child process */ ++ ngx_int_t child_pid = NGX_BUSY; ++ + #if !(NGX_WIN32) + + if (ngx_init_signals(cycle->log) != NGX_OK) { + return 1; + } + ++ /* tell-tale that this code has been executed */ ++ child_pid--; ++ + if (!ngx_inherited && ccf->daemon) { +- if (ngx_daemon(cycle->log) != NGX_OK) { ++ child_pid = ngx_daemon(cycle->log); ++ if (child_pid == NGX_ERROR) { + return 1; + } + +@@ -358,8 +365,19 @@ main(int argc, char *const *argv) + + #endif + +- if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) { +- return 1; ++ /* If ngx_daemon() returned the child's PID in the parent process ++ * after the fork() set ngx_pid to the child_pid, which gets ++ * written to the PID file, then exit. ++ * For NGX_WIN32 always write the PID file ++ * For others, only write it from the parent process */ ++ if (child_pid < NGX_OK || child_pid > NGX_OK) { ++ ngx_pid = child_pid > NGX_OK ? child_pid : ngx_pid; ++ if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) { ++ return 1; ++ } ++ } ++ if (child_pid > NGX_OK) { ++ exit(0); + } + + if (ngx_log_redirect_stderr(cycle) != NGX_OK) { +diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c +index 385c49b6..3719854c 100644 +--- a/src/os/unix/ngx_daemon.c ++++ b/src/os/unix/ngx_daemon.c +@@ -7,14 +7,17 @@ + + #include <ngx_config.h> + #include <ngx_core.h> ++#include <unistd.h> + + + ngx_int_t + ngx_daemon(ngx_log_t *log) + { + int fd; ++ /* retain the return value for passing back to caller */ ++ pid_t pid_child = fork(); + +- switch (fork()) { ++ switch (pid_child) { + case -1: + ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed"); + return NGX_ERROR; +@@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log) + break; + + default: +- exit(0); ++ /* let caller do the exit() */ ++ return pid_child; + } + + ngx_parent = ngx_pid; diff --git a/nginx-upgrade b/nginx-upgrade new file mode 100644 index 0000000..f84d91a --- /dev/null +++ b/nginx-upgrade @@ -0,0 +1,19 @@ +#!/bin/sh +[ ! -f /run/nginx.pid ] && exit 1 +echo "Start new nginx master..." +/bin/systemctl kill --signal=SIGUSR2 nginx.service +sleep 5 +[ ! -f /run/nginx.pid.oldbin ] && sleep 10 +if [ ! -f /run/nginx.pid.oldbin ]; then + echo "Failed to start new nginx master." + exit 1 +fi +echo "Stop old nginx master gracefully..." +oldpid=`/usr/bin/cat /run/nginx.pid.oldbin 2>/dev/null` +/bin/kill -s QUIT $oldpid 2>/dev/null +sleep 5 +[ -f /run/nginx.pid.oldbin ] && sleep 10 +if [ -f /run/nginx.pid.oldbin ]; then + echo "Failed to stop old nginx master." + exit 1 +fi diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..8839c11 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,83 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log notice; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + keepalive_timeout 65; + types_hash_max_size 4096; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; + + server { + listen 80; + listen [::]:80; + server_name _; + root /usr/share/nginx/html; + + # Load configuration files for the default server block. + include /etc/nginx/default.d/*.conf; + + error_page 404 /404.html; + location = /404.html { + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + } + } + +# Settings for a TLS enabled server. +# +# server { +# listen 443 ssl http2; +# listen [::]:443 ssl http2; +# server_name _; +# root /usr/share/nginx/html; +# +# ssl_certificate "/etc/pki/nginx/server.crt"; +# ssl_certificate_key "/etc/pki/nginx/private/server.key"; +# ssl_session_cache shared:SSL:1m; +# ssl_session_timeout 10m; +# ssl_ciphers PROFILE=SYSTEM; +# ssl_prefer_server_ciphers on; +# +# # Load configuration files for the default server block. +# include /etc/nginx/default.d/*.conf; +# +# error_page 404 /404.html; +# location = /404.html { +# } +# +# error_page 500 502 503 504 /50x.html; +# location = /50x.html { +# } +# } + +} + diff --git a/nginx.logrotate b/nginx.logrotate new file mode 100644 index 0000000..353da6e --- /dev/null +++ b/nginx.logrotate @@ -0,0 +1,13 @@ +/var/log/nginx/*log { + create 0664 nginx root + daily + rotate 10 + missingok + notifempty + compress + sharedscripts + postrotate + /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true + endscript +} + diff --git a/nginx.service b/nginx.service new file mode 100644 index 0000000..5b16189 --- /dev/null +++ b/nginx.service @@ -0,0 +1,20 @@ +[Unit] +Description=The nginx HTTP and reverse proxy server +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=forking +PIDFile=/run/nginx.pid +# Nginx will fail to start if /run/nginx.pid already exists but has the wrong +# SELinux context. This might happen when running `nginx -t` from the cmdline. +ExecStartPre=/usr/bin/rm -f /run/nginx.pid +ExecStartPre=/usr/sbin/nginx -t +ExecStart=/usr/sbin/nginx +ExecReload=/bin/kill -s HUP $MAINPID +KillSignal=SIGQUIT +TimeoutStopSec=5 +KillMode=mixed +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/nginx.spec b/nginx.spec new file mode 100644 index 0000000..57f31aa --- /dev/null +++ b/nginx.spec @@ -0,0 +1,464 @@ +%global _hardened_build 1 +%global nginx_user nginx + +%undefine _strict_symbol_defs_build + +%bcond_with geoip + +%global with_gperftools 1 + +%global with_mailcap_mimetypes 0 + +%global with_aio 1 + +%global __provides_exclude_from ^%{_usrsrc}/%{name}-%{version}-%{release}/.*$ +%global __requires_exclude_from ^%{_usrsrc}/%{name}-%{version}-%{release}/.*$ + +Name: nginx +Epoch: 1 +Version: 1.27.2 +Release: 1 +Summary: A HTTP server, reverse proxy and mail proxy server +License: BSD +URL: http://nginx.org/ + +Source0: https://nginx.org/download/nginx-%{version}.tar.gz +Source10: nginx.service +Source11: nginx.logrotate +Source12: nginx.conf +Source13: nginx-upgrade +Source14: macros.nginxmods.in +Source15: nginxmods.attr +Source100: index.html +Source102: nginx-logo.png +Source103: 404.html +Source104: 50x.html +Source200: README.dynamic +Source210: UPGRADE-NOTES-1.6-to-1.10 + +Patch0: nginx-auto-cc-gcc.patch +Patch1: nginx-1.12.1-logs-perm.patch +Patch2: nginx-fix-pidfile.patch +Patch3: backport-CVE-2023-44487.patch +# https://nginx.org/download/patch.2024.mp4.txt +Patch4: backport-CVE-2024-7347.patch + +BuildRequires: gcc openssl-devel pcre2-devel zlib-devel systemd gperftools-devel +Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl +Requires: nginx-all-modules = %{epoch}:%{version}-%{release} +%if 0%{?with_mailcap_mimetypes} +Requires: nginx-mimetypes +%endif +Requires(pre): nginx-filesystem +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Provides: webserver +Provides: nginx(abi) = %{version} +Recommends: logrotate + +%description +NGINX is a free, open-source, high-performance HTTP server and reverse proxy, +as well as an IMAP/POP3 proxy server. + +%package all-modules +Summary: Nginx modules +BuildArch: noarch + +%if %{with geoip} +Requires: nginx-mod-http-geoip = %{epoch}:%{version}-%{release} +%endif +Requires: nginx-mod-http-image-filter = %{epoch}:%{version}-%{release} +Requires: nginx-mod-http-perl = %{epoch}:%{version}-%{release} +Requires: nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release} +Requires: nginx-mod-mail = %{epoch}:%{version}-%{release} +Requires: nginx-mod-stream = %{epoch}:%{version}-%{release} + +%description all-modules +NGINX is a free, open-source, high-performance HTTP server and reverse proxy, +as well as an IMAP/POP3 proxy server. +This package is a meta package that installs all available Nginx modules. + +%package filesystem +Summary: Filesystem for the Nginx server +BuildArch: noarch +Requires(pre): shadow-utils + +%description filesystem +NGINX is a free, open-source, high-performance HTTP server and reverse proxy, +as well as an IMAP/POP3 proxy server. +The package contains the basic directory layout for the Nginx server. + +%if %{with geoip} +%package mod-http-geoip +Summary: HTTP geoip module for nginx +BuildRequires: GeoIP-devel +Requires: nginx(abi) = %{version} GeoIP + +%description mod-http-geoip +The package is the Nginx HTTP geoip module. +%endif + +%package mod-http-image-filter +Summary: HTTP image filter module for nginx +BuildRequires: gd-devel +Requires: nginx(abi) = %{version} gd + +%description mod-http-image-filter +Nginx HTTP image filter module. + +%package mod-http-perl +Summary: HTTP perl module for nginx +BuildRequires: perl-devel perl(ExtUtils::Embed) +Requires: nginx(abi) = %{version} perl(constant) +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description mod-http-perl +Nginx HTTP perl module. + +%package mod-http-xslt-filter +Summary: XSLT module for nginx +BuildRequires: libxslt-devel +Requires: nginx(abi) = %{version} + +%description mod-http-xslt-filter +Nginx XSLT module. + +%package mod-mail +Summary: mail modules for nginx +Requires: nginx(abi) = %{version} + +%description mod-mail +Nginx mail modules + +%package mod-stream +Summary: stream modules for nginx +Requires: nginx(abi) = %{version} + +%description mod-stream +Nginx stream modules. + +%package mod-devel +Summary: nginx module development +Requires: nginx = %{epoch}:%{version}-%{release} +Requires: make gcc gd-devel libxslt-devel openssl-devel +Requires: pcre2-devel perl-devel perl(ExtUtils::Embed) zlib-devel +%if 0%{?with_gperftools} +Requires: gperftools-devel +%endif +%if %{with geoip} +Requires: GeoIP-devel +%endif + +%description mod-devel +Nginx module development + +%package_help + +%prep +%autosetup -n %{name}-%{version} -p1 +cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} . +cp -a ../%{name}-%{version} ../%{name}-%{version}-%{release}-src +mv ../%{name}-%{version}-%{release}-src . + +%build +export DESTDIR=%{buildroot} +nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" +if ! ./configure \ + --prefix=%{_datadir}/nginx --sbin-path=%{_sbindir}/nginx --modules-path=%{_libdir}/nginx/modules \ + --conf-path=%{_sysconfdir}/nginx/nginx.conf --error-log-path=%{_localstatedir}/log/nginx/error.log \ + --http-log-path=%{_localstatedir}/log/nginx/access.log \ + --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \ + --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \ + --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \ + --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \ + --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \ + --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx \ + --user=%{nginx_user} --group=%{nginx_user} \ +%if 0%{?with_aio} + --with-file-aio \ +%endif + --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module \ + --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic \ +%if %{with geoip} + --with-http_geoip_module=dynamic \ +%endif + --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module \ + --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module \ + --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module \ + --with-http_perl_module=dynamic --with-http_auth_request_module \ + --with-mail=dynamic --with-mail_ssl_module --with-openssl-opt=yes --with-pcre --with-pcre-jit --with-stream=dynamic \ + --with-stream_ssl_module --with-google_perftools_module --with-debug \ + --with-cc-opt="%{optflags} $(pcre2-config --cflags)" --with-ld-opt="$nginx_ldopts"; then + : configure failed + cat objs/autoconf.err + exit 1 +fi + +%make_build + + +%install +%make_install INSTALLDIRS=vendor + +find %{buildroot} -type f -empty -exec rm -f '{}' \; +find %{buildroot} -type f -name .packlist -exec rm -f '{}' \; +find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \; +find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \; + +pushd %{buildroot} +install -p -D -m 0644 %{_builddir}/nginx-%{version}/nginx.service .%{_unitdir}/nginx.service +install -p -D -m 0644 %{SOURCE11} .%{_sysconfdir}/logrotate.d/nginx +install -p -d -m 0755 .%{_sysconfdir}/systemd/system/nginx.service.d +install -p -d -m 0755 .%{_unitdir}/nginx.service.d +install -p -d -m 0755 .%{_sysconfdir}/nginx/conf.d +install -p -d -m 0755 .%{_sysconfdir}/nginx/default.d +install -p -d -m 0700 .%{_localstatedir}/lib/nginx +install -p -d -m 0700 .%{_localstatedir}/lib/nginx/tmp +install -p -d -m 0700 .%{_localstatedir}/log/nginx +install -p -d -m 0755 .%{_datadir}/nginx/html +install -p -d -m 0755 .%{_datadir}/nginx/modules +install -p -d -m 0755 .%{_libdir}/nginx/modules +install -p -m 0644 %{_builddir}/nginx-%{version}/nginx.conf .%{_sysconfdir}/nginx +install -p -m 0644 %{SOURCE100} .%{_datadir}/nginx/html +install -p -m 0644 %{SOURCE102} .%{_datadir}/nginx/html +install -p -m 0644 %{SOURCE103} %{SOURCE104} .%{_datadir}/nginx/html + +%if 0%{?with_mailcap_mimetypes} +rm -f .%{_sysconfdir}/nginx/mime.types +%endif + +install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 .%{_mandir}/man8/nginx.8 +install -p -D -m 0755 %{SOURCE13} .%{_bindir}/nginx-upgrade +popd + +for i in ftdetect indent syntax; do + install -p -D -m644 contrib/vim/${i}/nginx.vim %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim +done + +%if %{with geoip} +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf +%endif + +pushd %{buildroot} +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \ + > .%{_datadir}/nginx/modules/mod-http-image-filter.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \ + > .%{_datadir}/nginx/modules/mod-http-perl.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \ + > .%{_datadir}/nginx/modules/mod-http-xslt-filter.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \ + > .%{_datadir}/nginx/modules/mod-mail.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \ + > .%{_datadir}/nginx/modules/mod-stream.conf +popd + +mkdir -p %{buildroot}%{_usrsrc} +mv %{name}-%{version}-%{release}-src %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release} + +mkdir -p %{buildroot}%{_rpmmacrodir} +sed -e "s|@@NGINX_ABIVERSION@@|%{version}|g" \ + -e "s|@@NGINX_MODDIR@@|%{_libdir}\/nginx\/modules|g" \ + -e "s|@@NGINX_MODCONFDIR@@|%{_datadir}\/nginx\/modules|g" \ + -e "s|@@NGINX_SRCDIR@@|%{_usrsrc}\/%{name}-%{version}-%{release}|g" \ + %{SOURCE14} > %{buildroot}%{_rpmmacrodir}/macros.nginxmods +install -Dpm0644 %{SOURCE15} %{buildroot}%{_fileattrsdir}/nginxmods.attr + +%pre filesystem +getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user} +getent passwd %{nginx_user} > /dev/null || useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \ + -s /sbin/nologin -c "Nginx web server" %{nginx_user} +exit 0 + +%post +%systemd_post nginx.service + +%if %{with geoip} +%post mod-http-geoip +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi +%endif + +%post mod-http-image-filter +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-http-perl +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-http-xslt-filter +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-mail +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-stream +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%preun +%systemd_preun nginx.service + +%postun +%systemd_postun nginx.service +if [ $1 -ge 1 ]; then + /usr/bin/nginx-upgrade >/dev/null 2>&1 || : +fi + +%files +%defattr(-,root,root) +%license LICENSE +%config(noreplace) %{_sysconfdir}/nginx/* +%config(noreplace) %{_sysconfdir}/logrotate.d/nginx +%exclude %{_sysconfdir}/nginx/conf.d +%exclude %{_sysconfdir}/nginx/default.d +%if 0%{?with_mailcap_mimetypes} +%exclude %{_sysconfdir}/nginx/mime.types +%endif +%{_bindir}/nginx-upgrade +%{_sbindir}/nginx +%dir %{_libdir}/nginx/modules +%dir %{_datadir}/nginx/modules +%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx +%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp +%{_unitdir}/nginx.service +%{_datadir}/nginx/html/* +%{_datadir}/vim/vimfiles/ftdetect/nginx.vim +%{_datadir}/vim/vimfiles/syntax/nginx.vim +%{_datadir}/vim/vimfiles/indent/nginx.vim +%attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/nginx + +%files all-modules + +%files filesystem +%dir %{_sysconfdir}/nginx +%dir %{_sysconfdir}/nginx/{conf.d,default.d} +%dir %{_sysconfdir}/systemd/system/nginx.service.d +%dir %{_unitdir}/nginx.service.d +%dir %{_datadir}/nginx +%dir %{_datadir}/nginx/html + +%if %{with geoip} +%files mod-http-geoip +%{_libdir}/nginx/modules/ngx_http_geoip_module.so +%{_datadir}/nginx/modules/mod-http-geoip.conf +%endif + +%files mod-http-image-filter +%{_libdir}/nginx/modules/ngx_http_image_filter_module.so +%{_datadir}/nginx/modules/mod-http-image-filter.conf + +%files mod-http-perl +%{_libdir}/nginx/modules/ngx_http_perl_module.so +%{_datadir}/nginx/modules/mod-http-perl.conf +%dir %{perl_vendorarch}/auto/nginx +%{perl_vendorarch}/nginx.pm +%{perl_vendorarch}/auto/nginx/nginx.so + +%files mod-http-xslt-filter +%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so +%{_datadir}/nginx/modules/mod-http-xslt-filter.conf + +%files mod-mail +%{_libdir}/nginx/modules/ngx_mail_module.so +%{_datadir}/nginx/modules/mod-mail.conf + +%files mod-stream +%{_libdir}/nginx/modules/ngx_stream_module.so +%{_datadir}/nginx/modules/mod-stream.conf + +%files mod-devel +%{_rpmmacrodir}/macros.nginxmods +%{_fileattrsdir}/nginxmods.attr +%{_usrsrc}/%{name}-%{version}-%{release} + +%files help +%defattr(-,root,root) +%doc CHANGES README README.dynamic +%{_mandir}/man3/nginx.3pm* +%{_mandir}/man8/nginx.8* + +%changelog +* Thu Oct 31 2024 lifan <lifan140@h-partners.com> - 1.27.2-1 +- Type:requirement +- CVE:NA +- SUG:NA +- DESC:update nginx to 1.27.2 + +* Thu Aug 15 2024 Funda Wang <fundawang@yeah.net> - 1:1.24.0-2 +- fix CVE-2024-7347 + +* Tue Jan 02 2024 gaihuiying <eaglegai@163.com> - 1:1.24.0-1 +- update nginx to 1.24.0 + +* Thu Oct 19 2023 yanglu <yanglu72@h-partners.com> - 1:1.23.3-2 +- fix CVE-2023-44487 + +* Thu Mar 16 2023 gaihuiying <eaglegai@163.com> - 1:1.23.3-1 +- update nginx to 1.23.3 + +* Thu Nov 24 2022 zhouyihang <zhouyihang3@h-partners.com> - 1:1.23.2-2 +- add package mod-devel + +* Mon Nov 14 2022 gaihuiying <eaglegai@163.com> - 1:1.23.2-1 +- update nginx to 1.23.2 + +* Tue Jul 19 2022 gaihuiying <eaglegai@163.com> - 1:1.21.5-2 +- switch pcre to pcre2 + +* Sat Jan 15 2022 yaoxin <yaoxin30@huawei.com> - 1:1.21.5-1 +- Upgrade nginx to 1.21.5 + +* Tue Jun 15 2021 yanglu <yanglu72@huawei.com> - 1:1.18.0-5 +- fix CVE-2021-23017 + +* Sat Mar 20 2021 wangxiaopeng <wangxiaopeng7@huawei.com> - 1:1.18.0-4 +- Fix NGINX pidfile handling + +* Mon Mar 15 2021 gaihuiying <gaihuiying1@huawei.com> - 1:1.18.0-3 +- delete unimportant comment + +* Thu Sep 3 2020 yanan li <liyanan032@huawei.com> - 1:1.18.0-2 +- add mime.types file to nginx packages + +* Thu Jun 4 2020 huanghaitao <huanghaitao8@huawei.com> - 1:1.18.0-1 +- Change source to latest update + +* Fri May 22 2020 wutao <wutao61@huawei.com> - 1:1.16.1-4 +- change and delete html + +* Mon May 11 2020 wutao <wutao61@huawei.com> - 1:1.16.1-3 +- modify patch and html + +* Wed Mar 18 2020 yuxiangyang <yuxiangyang4@huawei.com> - 1:1.16.1-2 +- delete http_stub_status_module.This configuration creates a simple + web page with basic status data,but it will affect cpu scale-out because + it use atomic cas. + +* Mon Mar 16 2020 likexin <likexin4@huawei.com> - 1:1.16.1-1 +- update to 1.16.1 + +* Mon Mar 16 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.12.1-17 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: fix CVE-2019-20372 + +* Sat Dec 28 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.12.1-16 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: add the with_mailcap_mimetypes + +* Wed Dec 4 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.12.1-15 +- Package init diff --git a/nginxmods.attr b/nginxmods.attr new file mode 100644 index 0000000..102da1a --- /dev/null +++ b/nginxmods.attr @@ -0,0 +1,14 @@ +%__nginxmods_requires() %{lua: + -- Match buildroot paths of the form + -- /PATH/OF/BUILDROOT/usr/lib/nginx/modules/ and + -- /PATH/OF/BUILDROOT/usr/lib64/nginx/modules/ + -- generating a line of the form: + -- nginx(abi) = VERSION + local path = rpm.expand("%1") + if path:match("/usr/lib%d*/nginx/modules/.*") then + local requires = "nginx(abi) = " .. rpm.expand("%{_nginx_abiversion}") + print(requires) + end +} + +%__nginxmods_path ^%{_prefix}/lib(64)?/nginx/modules/.*\\.so$ @@ -0,0 +1,2 @@ +a0411bcbd1ff88bb2ea542af2ef57314 nginx-1.27.2.tar.gz +425a3bef572ffa7e706bd7db8452c733 nginx-logo.png |