Accepting request 399481 from home:darix:playground

- update to 1.10.1 (bsc# 982505)
  Security: a segmentation fault might occur in a worker process
  while writing a specially crafted request body to a temporary
  file (CVE-2016-4450); the bug had appeared in 1.3.9.

- improve conditionals
  - merge the 12.2 and 12.1 based conditionals into 1 as both of
    them are out of support now.
  - enable pcre JIT
  - make use if libatomic_ops on Leap

- enable dynamic modules for intree modules. The following modules
  are built as loadable modules now:
  ngx_http_geoip_module.so
  ngx_http_image_filter_module.so
  ngx_http_perl_module.so
  ngx_http_xslt_filter_module.so
  ngx_mail_module.so
  ngx_stream_module.so
  You will have to load those modules with load_module.
  http://nginx.org/en/docs/ngx_core_module.html#load_module
  The correct syntax for this package is:
  # For 64bit machines:
  load_module lib64/nginx/modules/ngx_http_geoip_module.so;
  # For 32bit machines:
  load_module lib/nginx/modules/ngx_http_geoip_module.so;
  Examples for all the intree modules have been added to the
  default nginx.conf
- patches updated:
  nginx-1.6.1-default_config.patch - added load_module example

OBS-URL: https://build.opensuse.org/request/show/399481
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=64

nginx-1.10.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d
-size 908954

nginx-1.10.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801
+size 909077

nginx-1.6.1-default_config.patch

@@ -1,8 +1,8 @@
 Index: conf/nginx.conf
 ===================================================================
---- conf.orig/nginx.conf
+--- conf/nginx.conf.orig
 +++ conf/nginx.conf
-@@ -1,16 +1,17 @@
+@@ -1,16 +1,24 @@
  
 -#user  nobody;
 +#user  nginx;
@@ -11,6 +11,13 @@ Index: conf/nginx.conf
 -#error_log  logs/error.log;
 -#error_log  logs/error.log  notice;
 -#error_log  logs/error.log  info;
++# load_module #LIBDIR#/nginx/modules/ngx_http_geoip_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_http_image_filter_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_http_perl_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_http_xslt_filter_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_mail_module.so;
++# load_module #LIBDIR#/nginx/modules/ngx_stream_module.so;
++
 +#error_log  /var/log/nginx/error.log;
 +#error_log  /var/log/nginx/error.log  notice;
 +#error_log  /var/log/nginx/error.log  info;
@@ -25,7 +32,7 @@ Index: conf/nginx.conf
  }
  
  
-@@ -22,7 +23,7 @@ http {
+@@ -22,7 +30,7 @@ http {
      #                  '$status $body_bytes_sent "$http_referer" '
      #                  '"$http_user_agent" "$http_x_forwarded_for"';
  
@@ -34,7 +41,7 @@ Index: conf/nginx.conf
  
      sendfile        on;
      #tcp_nopush     on;
-@@ -32,16 +33,18 @@ http {
+@@ -32,16 +40,18 @@ http {
  
      #gzip  on;
  
@@ -55,7 +62,7 @@ Index: conf/nginx.conf
              index  index.html index.htm;
          }
  
-@@ -51,7 +54,7 @@ http {
+@@ -51,7 +61,7 @@ http {
          #
          error_page   500 502 503 504  /50x.html;
          location = /50x.html {
@@ -64,7 +71,7 @@ Index: conf/nginx.conf
          }
  
          # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-@@ -63,7 +66,7 @@ http {
+@@ -63,7 +73,7 @@ http {
          # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
          #
          #location ~ \.php$ {
@@ -73,7 +80,7 @@ Index: conf/nginx.conf
          #    fastcgi_pass   127.0.0.1:9000;
          #    fastcgi_index  index.php;
          #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-@@ -87,7 +90,7 @@ http {
+@@ -87,7 +97,7 @@ http {
      #    server_name  somename  alias  another.alias;
  
      #    location / {
@@ -82,7 +89,7 @@ Index: conf/nginx.conf
      #        index  index.html index.htm;
      #    }
      #}
-@@ -109,9 +112,11 @@ http {
+@@ -109,9 +119,11 @@ http {
      #    ssl_prefer_server_ciphers  on;
  
      #    location / {

nginx.changes

@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Wed Jun  1 12:33:55 UTC 2016 - mrueckert@suse.de
+
+- update to 1.10.1 (bsc# 982505)
+  Security: a segmentation fault might occur in a worker process
+  while writing a specially crafted request body to a temporary
+  file (CVE-2016-4450); the bug had appeared in 1.3.9.
+
+-------------------------------------------------------------------
+Sun May 15 11:03:18 UTC 2016 - mrueckert@suse.de
+
+- improve conditionals
+  - merge the 12.2 and 12.1 based conditionals into 1 as both of
+    them are out of support now.
+  - enable pcre JIT
+  - make use if libatomic_ops on Leap
+
+-------------------------------------------------------------------
+Sun May 15 10:36:19 UTC 2016 - mrueckert@suse.de
+
+- enable dynamic modules for intree modules. The following modules
+  are built as loadable modules now:
+
+  ngx_http_geoip_module.so
+  ngx_http_image_filter_module.so
+  ngx_http_perl_module.so
+  ngx_http_xslt_filter_module.so
+  ngx_mail_module.so
+  ngx_stream_module.so
+
+  You will have to load those modules with load_module.
+  http://nginx.org/en/docs/ngx_core_module.html#load_module
+
+  The correct syntax for this package is:
+
+  # For 64bit machines:
+  load_module lib64/nginx/modules/ngx_http_geoip_module.so;
+
+  # For 32bit machines:
+  load_module lib/nginx/modules/ngx_http_geoip_module.so;
+
+  Examples for all the intree modules have been added to the
+  default nginx.conf
+- patches updated:
+  nginx-1.6.1-default_config.patch - added load_module example
+
 -------------------------------------------------------------------
 Sun May 15 05:34:35 UTC 2016 - mrueckert@suse.de
 

nginx.spec

@@ -20,7 +20,7 @@
 %bcond_with    google_perftools
 %bcond_without fancyindex
 
-%if 0%{?suse_version} != 1315
+%if 0%{?suse_version} != 1315 || 0%{?is_opensuse}
 %bcond_without libatomic
 %else
 %bcond_with    libatomic
@@ -28,19 +28,18 @@
 
 %if 0%{?suse_version} > 1220
 %bcond_without http2
-%else
-%bcond_with    http2
-%endif
-
-%if 0%{?suse_version} >= 1210
+%bcond_without pcre_jit
 %bcond_without systemd
 %else
-%bcond_with systemd
+%bcond_with    http2
+%bcond_with    pcre_jit
+%bcond_with    systemd
 %endif
 
 %define pkg_name nginx
 %define ngx_prefix     %{_prefix}
 %define ngx_sbin_path  %{_sbindir}/nginx
+%define ngx_module_dir %{_libdir}/nginx/modules
 %define ngx_conf_dir   %{_sysconfdir}/nginx
 %define ngx_conf_path  %{ngx_conf_dir}/nginx.conf
 %define ngx_log_dir    %{_localstatedir}/log/nginx
@@ -63,7 +62,7 @@
 %endif
 #
 Name:           nginx
-Version:        1.10.0
+Version:        1.10.1
 Release:        0
 %define fancyindex_version 0.3.5
 Summary:        A HTTP server and IMAP/POP3 proxy server
@@ -135,6 +134,7 @@ It has been running on many heavily loaded Russian sites for more than two years
 %patch4 -p1
 
 perl -pi -e 's|\r\n|\n|g' contrib/geo2nginx.pl
+perl -pi -e 's|#LIBDIR#|%{_lib}|g' conf/nginx.conf
 
 %if %{with fancyindex}
 mkdir -p ngx-fancyindex-%{fancyindex_version}
@@ -151,6 +151,7 @@ sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init
 ./configure                                    \
   --prefix=%{ngx_prefix}/                      \
   --sbin-path=%{ngx_sbin_path}                 \
+  --modules-path=%{ngx_module_dir}             \
   --conf-path=%{ngx_conf_path}                 \
   --error-log-path=%{ngx_error_log}            \
   --http-log-path=%{ngx_access_log}            \
@@ -173,9 +174,9 @@ sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init
   %endif
   --with-http_realip_module                    \
   --with-http_addition_module                  \
-  --with-http_xslt_module                      \
-  --with-http_image_filter_module              \
-  --with-http_geoip_module                     \
+  --with-http_xslt_module=dynamic              \
+  --with-http_image_filter_module=dynamic      \
+  --with-http_geoip_module=dynamic             \
   --with-http_sub_module                       \
   --with-http_dav_module                       \
   --with-http_flv_module                       \
@@ -188,12 +189,15 @@ sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init
   --with-http_degradation_module               \
   --with-http_slice_module                     \
   --with-http_stub_status_module               \
-  --with-http_perl_module                      \
+  --with-http_perl_module=dynamic              \
   --with-perl=%{_bindir}/perl                  \
-  --with-mail                                  \
-  --with-stream                                \
+  --with-mail=dynamic                          \
+  --with-stream=dynamic                        \
   --with-mail_ssl_module                       \
   --with-pcre                                  \
+  %if %{with pcre_jit}
+  --with-pcre-jit                              \
+  %endif
   %if %{with libatomic}
   --with-libatomic                             \
   %endif
@@ -209,7 +213,7 @@ sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init
   --with-md5=%{_prefix}                              \
   --with-sha1=%{_prefix}                             \
 %if 0%{?suse_version} > 1220
-  --with-cc-opt="%{optflags} -fPIE -D_GNU_SOURCE -std=gnu99 -fstack-protector" \
+  --with-cc-opt="%{optflags} -fPIC -D_GNU_SOURCE -std=gnu99 -fstack-protector" \
   --with-ld-opt="-Wl,-z,relro,-z,now -pie"
 %else
   --with-cc-opt="%{optflags}"
@@ -285,6 +289,14 @@ rm %{buildroot}/srv/www/htdocs/index.html
 %{perl_vendorarch}/auto/nginx/
 %{perl_vendorarch}/nginx.pm
 %{ngx_sbin_path}
+%dir %{_libdir}/nginx/
+%dir %{ngx_module_dir}/
+%{ngx_module_dir}/ngx_http_geoip_module.so
+%{ngx_module_dir}/ngx_http_image_filter_module.so
+%{ngx_module_dir}/ngx_http_perl_module.so
+%{ngx_module_dir}/ngx_http_xslt_filter_module.so
+%{ngx_module_dir}/ngx_mail_module.so
+%{ngx_module_dir}/ngx_stream_module.so
 %{_mandir}/man3/nginx.3pm*
 /srv/www/htdocs/50x.html
 %if 0%{?suse_version} && 0%{?suse_version} < 1140