Website Administrator

Something has triggered missing webpage on your + website. This is the default 404 error page for + nginx that is distributed with + openEuler. It is located + /usr/share/nginx/html/404.html

+ +

You should customize this error page for your own + site or edit the error_page directive in + the nginx configuration file + /etc/nginx/nginx.conf.

+ +

The page is temporarily unavailable

nginx error!

+ +

The page you are looking for is temporarily unavailable. Please try again later.

+ +

Website Administrator

Something has triggered an error on your + website. This is the default error page for + nginx that is distributed with + openEuler. It is located + /usr/share/nginx/html/50x.html

+ +

You should customize this error page for your own + site or edit the error_page directive in + the nginx configuration file + /etc/nginx/nginx.conf.

+ +

+Date: Tue, 10 Oct 2023 15:13:39 +0300 +Subject: [PATCH] HTTP/2: per-iteration stream handling limit. + +To ensure that attempts to flood servers with many streams are detected +early, a limit of no more than 2 * max_concurrent_streams new streams per one +event loop iteration was introduced. This limit is applied even if +max_concurrent_streams is not yet reached - for example, if corresponding +streams are handled synchronously or reset. + +Further, refused streams are now limited to maximum of max_concurrent_streams +and 100, similarly to priority_limit initial value, providing some tolerance +to clients trying to open several streams at the connection start, yet +low tolerance to flooding attempts. + +Conflict: context adapt +Reference: https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9 +--- + src/http/v2/ngx_http_v2.c | 15 +++++++++++++++ + src/http/v2/ngx_http_v2.h | 2 ++ + 2 files changed, 17 insertions(+) + +diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c +index 7c05ff1e78..410a8be24e 100644 +--- a/src/http/v2/ngx_http_v2.c ++++ b/src/http/v2/ngx_http_v2.c +@@ -347,6 +347,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev) + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler"); + + h2c->blocked = 1; ++ h2c->new_streams = 0; + + if (c->close) { + c->close = 0; +@@ -1284,6 +1285,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, + goto rst_stream; + } + ++ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) { ++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, ++ "client sent too many streams at once"); ++ ++ status = NGX_HTTP_V2_REFUSED_STREAM; ++ goto rst_stream; ++ } ++ + if (!h2c->settings_ack + && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) + && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW) +@@ -1349,6 +1358,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, + + rst_stream: + ++ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) { ++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, ++ "client sent too many refused streams"); ++ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR); ++ } ++ + if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) { + return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); + } +diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h +index cb9014ccfb..6751b3026d 100644 +--- a/src/http/v2/ngx_http_v2.h ++++ b/src/http/v2/ngx_http_v2.h +@@ -131,6 +131,8 @@ struct ngx_http_v2_connection_s { + ngx_uint_t processing; + ngx_uint_t frames; + ngx_uint_t idle; ++ ngx_uint_t new_streams; ++ ngx_uint_t refused_streams; + ngx_uint_t priority_limit; + + ngx_uint_t pushing; diff --git a/backport-CVE-2024-7347.patch b/backport-CVE-2024-7347.patch new file mode 100644 index 0000000..d4e44c8 --- /dev/null +++ b/backport-CVE-2024-7347.patch @@ -0,0 +1,43 @@ +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c +--- a/src/http/modules/ngx_http_mp4_module.c ++++ b/src/http/modules/ngx_http_mp4_module.c +@@ -3099,7 +3099,8 @@ static ngx_int_t + ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4, + ngx_http_mp4_trak_t *trak, ngx_uint_t start) + { +- uint32_t start_sample, chunk, samples, id, next_chunk, n, ++ uint64_t n; ++ uint32_t start_sample, chunk, samples, id, next_chunk, + prev_samples; + ngx_buf_t *data, *buf; + ngx_uint_t entries, target_chunk, chunk_samples; +@@ -3155,12 +3156,19 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4 + + next_chunk = ngx_mp4_get_32value(entry->chunk); + ++ if (next_chunk < chunk) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "unordered mp4 stsc chunks in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, + "sample:%uD, chunk:%uD, chunks:%uD, " + "samples:%uD, id:%uD", + start_sample, chunk, next_chunk - chunk, samples, id); + +- n = (next_chunk - chunk) * samples; ++ n = (uint64_t) (next_chunk - chunk) * samples; + + if (start_sample < n) { + goto found; +@@ -3182,7 +3190,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4 + "sample:%uD, chunk:%uD, chunks:%uD, samples:%uD", + start_sample, chunk, next_chunk - chunk, samples); + +- n = (next_chunk - chunk) * samples; ++ n = (uint64_t) (next_chunk - chunk) * samples; + + if (start_sample > n) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, diff --git a/index.html b/index.html new file mode 100644 index 0000000..bacdfb5 --- /dev/null +++ b/index.html @@ -0,0 +1,111 @@ + + + + + + Test Page for the Nginx HTTP Server on openEuler + + + + +

Welcome to nginx on openEuler!

+ +

This page is used to test the proper operation of the + nginx HTTP server after it has been + installed. If you can read this page, it means that the + web server installed at this site is working + properly.

+ +

Website Administrator

This is the default index.html page that + is distributed with nginx on + openEuler. It is located in + /usr/share/nginx/html.

+ +

You should now put your content in a location of + your choice and edit the root configuration + directive in the nginx + configuration file + /etc/nginx/nginx.conf.

+ +

+ + diff --git a/macros.nginxmods.in b/macros.nginxmods.in new file mode 100644 index 0000000..9b612b2 --- /dev/null +++ b/macros.nginxmods.in @@ -0,0 +1,20 @@ +%_nginx_abiversion @@NGINX_ABIVERSION@@ +%_nginx_srcdir @@NGINX_SRCDIR@@ +%_nginx_buildsrcdir nginx-src +%_nginx_modsrcdir .. +%_nginx_modbuilddir ../%{_vpath_builddir} +%nginx_moddir @@NGINX_MODDIR@@ +%nginx_modconfdir @@NGINX_MODCONFDIR@@ + +%nginx_modrequires Requires: nginx(abi) = %{_nginx_abiversion} + +%nginx_modconfigure(:-:) \\\ + %undefine _strict_symbol_defs_build \ + cp -a "%{_nginx_srcdir}" "%{_nginx_buildsrcdir}" \ + cd "%{_nginx_buildsrcdir}" \ + nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" \ + ./configure --with-compat --with-cc-opt="%{optflags} $(pcre-config --cflags)" --with-ld-opt="$nginx_ldopts" \\\ + --add-dynamic-module=$(realpath %{_nginx_modsrcdir}) --builddir=$(realpath %{_nginx_modbuilddir}) %{**} \ + cd - + +%nginx_modbuild %{__make} -C "%{_nginx_buildsrcdir}" %{_make_output_sync} %{?_smp_mflags} %{_make_verbose} modules diff --git a/nginx-1.12.1-logs-perm.patch b/nginx-1.12.1-logs-perm.patch new file mode 100644 index 0000000..4884a84 --- /dev/null +++ b/nginx-1.12.1-logs-perm.patch @@ -0,0 +1,13 @@ +diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c +index aee7a58..bcceecb 100644 +--- a/src/core/ngx_cycle.c ++++ b/src/core/ngx_cycle.c +@@ -1108,7 +1108,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user) + } + + fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND, +- NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS); ++ NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS | 0220); + + ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0, + "reopen file \"%s\", old:%d new:%d", diff --git a/nginx-auto-cc-gcc.patch b/nginx-auto-cc-gcc.patch new file mode 100644 index 0000000..0829d84 --- /dev/null +++ b/nginx-auto-cc-gcc.patch @@ -0,0 +1,10 @@ +--- a/auto/cc/gcc.orig 2007-03-22 08:34:53.000000000 -0600 ++++ b/auto/cc/gcc 2007-03-22 08:58:47.000000000 -0600 +@@ -172,7 +172,6 @@ + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" diff --git a/nginx-fix-pidfile.patch b/nginx-fix-pidfile.patch new file mode 100644 index 0000000..47a16ff --- /dev/null +++ b/nginx-fix-pidfile.patch @@ -0,0 +1,89 @@ +Description: Fix NGINX pidfile handling +Author: Tj +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876365 +Last-Update: 2020-06-24 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +diff --git a/src/core/nginx.c b/src/core/nginx.c +index 9fcb0eb2..083eba1d 100644 +--- a/src/core/nginx.c ++++ b/src/core/nginx.c +@@ -338,14 +338,21 @@ main(int argc, char *const *argv) + ngx_process = NGX_PROCESS_MASTER; + } + ++ /* tell-tale to detect if this is parent or child process */ ++ ngx_int_t child_pid = NGX_BUSY; ++ + #if !(NGX_WIN32) + + if (ngx_init_signals(cycle->log) != NGX_OK) { + return 1; + } + ++ /* tell-tale that this code has been executed */ ++ child_pid--; ++ + if (!ngx_inherited && ccf->daemon) { +- if (ngx_daemon(cycle->log) != NGX_OK) { ++ child_pid = ngx_daemon(cycle->log); ++ if (child_pid == NGX_ERROR) { + return 1; + } + +@@ -358,8 +365,19 @@ main(int argc, char *const *argv) + + #endif + +- if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) { +- return 1; ++ /* If ngx_daemon() returned the child's PID in the parent process ++ * after the fork() set ngx_pid to the child_pid, which gets ++ * written to the PID file, then exit. ++ * For NGX_WIN32 always write the PID file ++ * For others, only write it from the parent process */ ++ if (child_pid < NGX_OK || child_pid > NGX_OK) { ++ ngx_pid = child_pid > NGX_OK ? child_pid : ngx_pid; ++ if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) { ++ return 1; ++ } ++ } ++ if (child_pid > NGX_OK) { ++ exit(0); + } + + if (ngx_log_redirect_stderr(cycle) != NGX_OK) { +diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c +index 385c49b6..3719854c 100644 +--- a/src/os/unix/ngx_daemon.c ++++ b/src/os/unix/ngx_daemon.c +@@ -7,14 +7,17 @@ + + #include + #include ++#include + + + ngx_int_t + ngx_daemon(ngx_log_t *log) + { + int fd; ++ /* retain the return value for passing back to caller */ ++ pid_t pid_child = fork(); + +- switch (fork()) { ++ switch (pid_child) { + case -1: + ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed"); + return NGX_ERROR; +@@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log) + break; + + default: +- exit(0); ++ /* let caller do the exit() */ ++ return pid_child; + } + + ngx_parent = ngx_pid; diff --git a/nginx-upgrade b/nginx-upgrade new file mode 100644 index 0000000..f84d91a --- /dev/null +++ b/nginx-upgrade @@ -0,0 +1,19 @@ +#!/bin/sh +[ ! -f /run/nginx.pid ] && exit 1 +echo "Start new nginx master..." +/bin/systemctl kill --signal=SIGUSR2 nginx.service +sleep 5 +[ ! -f /run/nginx.pid.oldbin ] && sleep 10 +if [ ! -f /run/nginx.pid.oldbin ]; then + echo "Failed to start new nginx master." + exit 1 +fi +echo "Stop old nginx master gracefully..." +oldpid=`/usr/bin/cat /run/nginx.pid.oldbin 2>/dev/null` +/bin/kill -s QUIT $oldpid 2>/dev/null +sleep 5 +[ -f /run/nginx.pid.oldbin ] && sleep 10 +if [ -f /run/nginx.pid.oldbin ]; then + echo "Failed to stop old nginx master." + exit 1 +fi diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..8839c11 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,83 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log notice; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + keepalive_timeout 65; + types_hash_max_size 4096; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; + + server { + listen 80; + listen [::]:80; + server_name _; + root /usr/share/nginx/html; + + # Load configuration files for the default server block. + include /etc/nginx/default.d/*.conf; + + error_page 404 /404.html; + location = /404.html { + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + } + } + +# Settings for a TLS enabled server. +# +# server { +# listen 443 ssl http2; +# listen [::]:443 ssl http2; +# server_name _; +# root /usr/share/nginx/html; +# +# ssl_certificate "/etc/pki/nginx/server.crt"; +# ssl_certificate_key "/etc/pki/nginx/private/server.key"; +# ssl_session_cache shared:SSL:1m; +# ssl_session_timeout 10m; +# ssl_ciphers PROFILE=SYSTEM; +# ssl_prefer_server_ciphers on; +# +# # Load configuration files for the default server block. +# include /etc/nginx/default.d/*.conf; +# +# error_page 404 /404.html; +# location = /404.html { +# } +# +# error_page 500 502 503 504 /50x.html; +# location = /50x.html { +# } +# } + +} + diff --git a/nginx.logrotate b/nginx.logrotate new file mode 100644 index 0000000..353da6e --- /dev/null +++ b/nginx.logrotate @@ -0,0 +1,13 @@ +/var/log/nginx/*log { + create 0664 nginx root + daily + rotate 10 + missingok + notifempty + compress + sharedscripts + postrotate + /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true + endscript +} + diff --git a/nginx.service b/nginx.service new file mode 100644 index 0000000..5b16189 --- /dev/null +++ b/nginx.service @@ -0,0 +1,20 @@ +[Unit] +Description=The nginx HTTP and reverse proxy server +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=forking +PIDFile=/run/nginx.pid +# Nginx will fail to start if /run/nginx.pid already exists but has the wrong +# SELinux context. This might happen when running `nginx -t` from the cmdline. +ExecStartPre=/usr/bin/rm -f /run/nginx.pid +ExecStartPre=/usr/sbin/nginx -t +ExecStart=/usr/sbin/nginx +ExecReload=/bin/kill -s HUP $MAINPID +KillSignal=SIGQUIT +TimeoutStopSec=5 +KillMode=mixed +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/nginx.spec b/nginx.spec new file mode 100644 index 0000000..57f31aa --- /dev/null +++ b/nginx.spec @@ -0,0 +1,464 @@ +%global _hardened_build 1 +%global nginx_user nginx + +%undefine _strict_symbol_defs_build + +%bcond_with geoip + +%global with_gperftools 1 + +%global with_mailcap_mimetypes 0 + +%global with_aio 1 + +%global __provides_exclude_from ^%{_usrsrc}/%{name}-%{version}-%{release}/.*$ +%global __requires_exclude_from ^%{_usrsrc}/%{name}-%{version}-%{release}/.*$ + +Name: nginx +Epoch: 1 +Version: 1.27.2 +Release: 1 +Summary: A HTTP server, reverse proxy and mail proxy server +License: BSD +URL: http://nginx.org/ + +Source0: https://nginx.org/download/nginx-%{version}.tar.gz +Source10: nginx.service +Source11: nginx.logrotate +Source12: nginx.conf +Source13: nginx-upgrade +Source14: macros.nginxmods.in +Source15: nginxmods.attr +Source100: index.html +Source102: nginx-logo.png +Source103: 404.html +Source104: 50x.html +Source200: README.dynamic +Source210: UPGRADE-NOTES-1.6-to-1.10 + +Patch0: nginx-auto-cc-gcc.patch +Patch1: nginx-1.12.1-logs-perm.patch +Patch2: nginx-fix-pidfile.patch +Patch3: backport-CVE-2023-44487.patch +# https://nginx.org/download/patch.2024.mp4.txt +Patch4: backport-CVE-2024-7347.patch + +BuildRequires: gcc openssl-devel pcre2-devel zlib-devel systemd gperftools-devel +Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl +Requires: nginx-all-modules = %{epoch}:%{version}-%{release} +%if 0%{?with_mailcap_mimetypes} +Requires: nginx-mimetypes +%endif +Requires(pre): nginx-filesystem +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Provides: webserver +Provides: nginx(abi) = %{version} +Recommends: logrotate + +%description +NGINX is a free, open-source, high-performance HTTP server and reverse proxy, +as well as an IMAP/POP3 proxy server. + +%package all-modules +Summary: Nginx modules +BuildArch: noarch + +%if %{with geoip} +Requires: nginx-mod-http-geoip = %{epoch}:%{version}-%{release} +%endif +Requires: nginx-mod-http-image-filter = %{epoch}:%{version}-%{release} +Requires: nginx-mod-http-perl = %{epoch}:%{version}-%{release} +Requires: nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release} +Requires: nginx-mod-mail = %{epoch}:%{version}-%{release} +Requires: nginx-mod-stream = %{epoch}:%{version}-%{release} + +%description all-modules +NGINX is a free, open-source, high-performance HTTP server and reverse proxy, +as well as an IMAP/POP3 proxy server. +This package is a meta package that installs all available Nginx modules. + +%package filesystem +Summary: Filesystem for the Nginx server +BuildArch: noarch +Requires(pre): shadow-utils + +%description filesystem +NGINX is a free, open-source, high-performance HTTP server and reverse proxy, +as well as an IMAP/POP3 proxy server. +The package contains the basic directory layout for the Nginx server. + +%if %{with geoip} +%package mod-http-geoip +Summary: HTTP geoip module for nginx +BuildRequires: GeoIP-devel +Requires: nginx(abi) = %{version} GeoIP + +%description mod-http-geoip +The package is the Nginx HTTP geoip module. +%endif + +%package mod-http-image-filter +Summary: HTTP image filter module for nginx +BuildRequires: gd-devel +Requires: nginx(abi) = %{version} gd + +%description mod-http-image-filter +Nginx HTTP image filter module. + +%package mod-http-perl +Summary: HTTP perl module for nginx +BuildRequires: perl-devel perl(ExtUtils::Embed) +Requires: nginx(abi) = %{version} perl(constant) +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description mod-http-perl +Nginx HTTP perl module. + +%package mod-http-xslt-filter +Summary: XSLT module for nginx +BuildRequires: libxslt-devel +Requires: nginx(abi) = %{version} + +%description mod-http-xslt-filter +Nginx XSLT module. + +%package mod-mail +Summary: mail modules for nginx +Requires: nginx(abi) = %{version} + +%description mod-mail +Nginx mail modules + +%package mod-stream +Summary: stream modules for nginx +Requires: nginx(abi) = %{version} + +%description mod-stream +Nginx stream modules. + +%package mod-devel +Summary: nginx module development +Requires: nginx = %{epoch}:%{version}-%{release} +Requires: make gcc gd-devel libxslt-devel openssl-devel +Requires: pcre2-devel perl-devel perl(ExtUtils::Embed) zlib-devel +%if 0%{?with_gperftools} +Requires: gperftools-devel +%endif +%if %{with geoip} +Requires: GeoIP-devel +%endif + +%description mod-devel +Nginx module development + +%package_help + +%prep +%autosetup -n %{name}-%{version} -p1 +cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} . +cp -a ../%{name}-%{version} ../%{name}-%{version}-%{release}-src +mv ../%{name}-%{version}-%{release}-src . + +%build +export DESTDIR=%{buildroot} +nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" +if ! ./configure \ + --prefix=%{_datadir}/nginx --sbin-path=%{_sbindir}/nginx --modules-path=%{_libdir}/nginx/modules \ + --conf-path=%{_sysconfdir}/nginx/nginx.conf --error-log-path=%{_localstatedir}/log/nginx/error.log \ + --http-log-path=%{_localstatedir}/log/nginx/access.log \ + --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \ + --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \ + --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \ + --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \ + --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \ + --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx \ + --user=%{nginx_user} --group=%{nginx_user} \ +%if 0%{?with_aio} + --with-file-aio \ +%endif + --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module \ + --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic \ +%if %{with geoip} + --with-http_geoip_module=dynamic \ +%endif + --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module \ + --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module \ + --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module \ + --with-http_perl_module=dynamic --with-http_auth_request_module \ + --with-mail=dynamic --with-mail_ssl_module --with-openssl-opt=yes --with-pcre --with-pcre-jit --with-stream=dynamic \ + --with-stream_ssl_module --with-google_perftools_module --with-debug \ + --with-cc-opt="%{optflags} $(pcre2-config --cflags)" --with-ld-opt="$nginx_ldopts"; then + : configure failed + cat objs/autoconf.err + exit 1 +fi + +%make_build + + +%install +%make_install INSTALLDIRS=vendor + +find %{buildroot} -type f -empty -exec rm -f '{}' \; +find %{buildroot} -type f -name .packlist -exec rm -f '{}' \; +find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \; +find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \; + +pushd %{buildroot} +install -p -D -m 0644 %{_builddir}/nginx-%{version}/nginx.service .%{_unitdir}/nginx.service +install -p -D -m 0644 %{SOURCE11} .%{_sysconfdir}/logrotate.d/nginx +install -p -d -m 0755 .%{_sysconfdir}/systemd/system/nginx.service.d +install -p -d -m 0755 .%{_unitdir}/nginx.service.d +install -p -d -m 0755 .%{_sysconfdir}/nginx/conf.d +install -p -d -m 0755 .%{_sysconfdir}/nginx/default.d +install -p -d -m 0700 .%{_localstatedir}/lib/nginx +install -p -d -m 0700 .%{_localstatedir}/lib/nginx/tmp +install -p -d -m 0700 .%{_localstatedir}/log/nginx +install -p -d -m 0755 .%{_datadir}/nginx/html +install -p -d -m 0755 .%{_datadir}/nginx/modules +install -p -d -m 0755 .%{_libdir}/nginx/modules +install -p -m 0644 %{_builddir}/nginx-%{version}/nginx.conf .%{_sysconfdir}/nginx +install -p -m 0644 %{SOURCE100} .%{_datadir}/nginx/html +install -p -m 0644 %{SOURCE102} .%{_datadir}/nginx/html +install -p -m 0644 %{SOURCE103} %{SOURCE104} .%{_datadir}/nginx/html + +%if 0%{?with_mailcap_mimetypes} +rm -f .%{_sysconfdir}/nginx/mime.types +%endif + +install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 .%{_mandir}/man8/nginx.8 +install -p -D -m 0755 %{SOURCE13} .%{_bindir}/nginx-upgrade +popd + +for i in ftdetect indent syntax; do + install -p -D -m644 contrib/vim/${i}/nginx.vim %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim +done + +%if %{with geoip} +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf +%endif + +pushd %{buildroot} +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \ + > .%{_datadir}/nginx/modules/mod-http-image-filter.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \ + > .%{_datadir}/nginx/modules/mod-http-perl.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \ + > .%{_datadir}/nginx/modules/mod-http-xslt-filter.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \ + > .%{_datadir}/nginx/modules/mod-mail.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \ + > .%{_datadir}/nginx/modules/mod-stream.conf +popd + +mkdir -p %{buildroot}%{_usrsrc} +mv %{name}-%{version}-%{release}-src %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release} + +mkdir -p %{buildroot}%{_rpmmacrodir} +sed -e "s|@@NGINX_ABIVERSION@@|%{version}|g" \ + -e "s|@@NGINX_MODDIR@@|%{_libdir}\/nginx\/modules|g" \ + -e "s|@@NGINX_MODCONFDIR@@|%{_datadir}\/nginx\/modules|g" \ + -e "s|@@NGINX_SRCDIR@@|%{_usrsrc}\/%{name}-%{version}-%{release}|g" \ + %{SOURCE14} > %{buildroot}%{_rpmmacrodir}/macros.nginxmods +install -Dpm0644 %{SOURCE15} %{buildroot}%{_fileattrsdir}/nginxmods.attr + +%pre filesystem +getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user} +getent passwd %{nginx_user} > /dev/null || useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \ + -s /sbin/nologin -c "Nginx web server" %{nginx_user} +exit 0 + +%post +%systemd_post nginx.service + +%if %{with geoip} +%post mod-http-geoip +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi +%endif + +%post mod-http-image-filter +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-http-perl +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-http-xslt-filter +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-mail +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-stream +if [ $1 -eq 1 ]; then + systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%preun +%systemd_preun nginx.service + +%postun +%systemd_postun nginx.service +if [ $1 -ge 1 ]; then + /usr/bin/nginx-upgrade >/dev/null 2>&1 || : +fi + +%files +%defattr(-,root,root) +%license LICENSE +%config(noreplace) %{_sysconfdir}/nginx/* +%config(noreplace) %{_sysconfdir}/logrotate.d/nginx +%exclude %{_sysconfdir}/nginx/conf.d +%exclude %{_sysconfdir}/nginx/default.d +%if 0%{?with_mailcap_mimetypes} +%exclude %{_sysconfdir}/nginx/mime.types +%endif +%{_bindir}/nginx-upgrade +%{_sbindir}/nginx +%dir %{_libdir}/nginx/modules +%dir %{_datadir}/nginx/modules +%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx +%attr(770,%{nginx_user},root) %dir %{_localstatedir}/lib/nginx/tmp +%{_unitdir}/nginx.service +%{_datadir}/nginx/html/* +%{_datadir}/vim/vimfiles/ftdetect/nginx.vim +%{_datadir}/vim/vimfiles/syntax/nginx.vim +%{_datadir}/vim/vimfiles/indent/nginx.vim +%attr(770,%{nginx_user},root) %dir %{_localstatedir}/log/nginx + +%files all-modules + +%files filesystem +%dir %{_sysconfdir}/nginx +%dir %{_sysconfdir}/nginx/{conf.d,default.d} +%dir %{_sysconfdir}/systemd/system/nginx.service.d +%dir %{_unitdir}/nginx.service.d +%dir %{_datadir}/nginx +%dir %{_datadir}/nginx/html + +%if %{with geoip} +%files mod-http-geoip +%{_libdir}/nginx/modules/ngx_http_geoip_module.so +%{_datadir}/nginx/modules/mod-http-geoip.conf +%endif + +%files mod-http-image-filter +%{_libdir}/nginx/modules/ngx_http_image_filter_module.so +%{_datadir}/nginx/modules/mod-http-image-filter.conf + +%files mod-http-perl +%{_libdir}/nginx/modules/ngx_http_perl_module.so +%{_datadir}/nginx/modules/mod-http-perl.conf +%dir %{perl_vendorarch}/auto/nginx +%{perl_vendorarch}/nginx.pm +%{perl_vendorarch}/auto/nginx/nginx.so + +%files mod-http-xslt-filter +%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so +%{_datadir}/nginx/modules/mod-http-xslt-filter.conf + +%files mod-mail +%{_libdir}/nginx/modules/ngx_mail_module.so +%{_datadir}/nginx/modules/mod-mail.conf + +%files mod-stream +%{_libdir}/nginx/modules/ngx_stream_module.so +%{_datadir}/nginx/modules/mod-stream.conf + +%files mod-devel +%{_rpmmacrodir}/macros.nginxmods +%{_fileattrsdir}/nginxmods.attr +%{_usrsrc}/%{name}-%{version}-%{release} + +%files help +%defattr(-,root,root) +%doc CHANGES README README.dynamic +%{_mandir}/man3/nginx.3pm* +%{_mandir}/man8/nginx.8* + +%changelog +* Thu Oct 31 2024 lifan - 1.27.2-1 +- Type:requirement +- CVE:NA +- SUG:NA +- DESC:update nginx to 1.27.2 + +* Thu Aug 15 2024 Funda Wang - 1:1.24.0-2 +- fix CVE-2024-7347 + +* Tue Jan 02 2024 gaihuiying - 1:1.24.0-1 +- update nginx to 1.24.0 + +* Thu Oct 19 2023 yanglu - 1:1.23.3-2 +- fix CVE-2023-44487 + +* Thu Mar 16 2023 gaihuiying - 1:1.23.3-1 +- update nginx to 1.23.3 + +* Thu Nov 24 2022 zhouyihang - 1:1.23.2-2 +- add package mod-devel + +* Mon Nov 14 2022 gaihuiying - 1:1.23.2-1 +- update nginx to 1.23.2 + +* Tue Jul 19 2022 gaihuiying - 1:1.21.5-2 +- switch pcre to pcre2 + +* Sat Jan 15 2022 yaoxin - 1:1.21.5-1 +- Upgrade nginx to 1.21.5 + +* Tue Jun 15 2021 yanglu - 1:1.18.0-5 +- fix CVE-2021-23017 + +* Sat Mar 20 2021 wangxiaopeng - 1:1.18.0-4 +- Fix NGINX pidfile handling + +* Mon Mar 15 2021 gaihuiying - 1:1.18.0-3 +- delete unimportant comment + +* Thu Sep 3 2020 yanan li - 1:1.18.0-2 +- add mime.types file to nginx packages + +* Thu Jun 4 2020 huanghaitao - 1:1.18.0-1 +- Change source to latest update + +* Fri May 22 2020 wutao - 1:1.16.1-4 +- change and delete html + +* Mon May 11 2020 wutao - 1:1.16.1-3 +- modify patch and html + +* Wed Mar 18 2020 yuxiangyang - 1:1.16.1-2 +- delete http_stub_status_module.This configuration creates a simple + web page with basic status data,but it will affect cpu scale-out because + it use atomic cas. + +* Mon Mar 16 2020 likexin - 1:1.16.1-1 +- update to 1.16.1 + +* Mon Mar 16 2020 openEuler Buildteam - 1:1.12.1-17 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: fix CVE-2019-20372 + +* Sat Dec 28 2019 openEuler Buildteam - 1:1.12.1-16 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: add the with_mailcap_mimetypes + +* Wed Dec 4 2019 openEuler Buildteam - 1:1.12.1-15 +- Package init diff --git a/nginxmods.attr b/nginxmods.attr new file mode 100644 index 0000000..102da1a --- /dev/null +++ b/nginxmods.attr @@ -0,0 +1,14 @@ +%__nginxmods_requires() %{lua: + -- Match buildroot paths of the form + -- /PATH/OF/BUILDROOT/usr/lib/nginx/modules/ and + -- /PATH/OF/BUILDROOT/usr/lib64/nginx/modules/ + -- generating a line of the form: + -- nginx(abi) = VERSION + local path = rpm.expand("%1") + if path:match("/usr/lib%d*/nginx/modules/.*") then + local requires = "nginx(abi) = " .. rpm.expand("%{_nginx_abiversion}") + print(requires) + end +} + +%__nginxmods_path ^%{_prefix}/lib(64)?/nginx/modules/.*\\.so$ diff --git a/sources b/sources new file mode 100644 index 0000000..30b2b94 --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +a0411bcbd1ff88bb2ea542af2ef57314 nginx-1.27.2.tar.gz +425a3bef572ffa7e706bd7db8452c733 nginx-logo.png -- cgit v1.2.3