From 348db313e0b2b9825493ffc29c12e7998fff53abf2441c9ec81a229580ac1809 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Fri, 16 Oct 2015 15:03:32 +0000 Subject: [PATCH 1/6] - clean up conditionals and use bcond_with* everywhere - drop passenger support for now OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=54 --- nginx.changes | 6 +++ nginx.spec | 132 ++++++++++++++++++++++---------------------------- 2 files changed, 65 insertions(+), 73 deletions(-) diff --git a/nginx.changes b/nginx.changes index a51a51f..0c39192 100644 --- a/nginx.changes +++ b/nginx.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Oct 16 15:01:17 UTC 2015 - mrueckert@suse.de + +- clean up conditionals and use bcond_with* everywhere +- drop passenger support for now + ------------------------------------------------------------------- Thu Jun 11 14:55:50 UTC 2015 - i@marguerite.su diff --git a/nginx.spec b/nginx.spec index fa02b49..86d396f 100644 --- a/nginx.spec +++ b/nginx.spec @@ -15,6 +15,27 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +%bcond_with cpp_test +%bcond_with google_perftools +%bcond_without fancyindex + +%if 0%{?suse_version} != 1315 +%bcond_without libatomic +%else +%bcond_with libatomic +%endif + +%if 0%{?suse_version} > 1220 +%bcond_without http2 +%else +%bcond_with http2 +%endif + +%if 0%{?suse_version} >= 1210 +%bcond_without systemd +%else +%bcond_with systemd +%endif %define pkg_name nginx %define ngx_prefix %{_prefix} @@ -31,36 +52,19 @@ %define ngx_tmp_scgi %{ngx_home}/scgi/ %define ngx_tmp_uwsgi %{ngx_home}/uwsgi/ %define ngx_user_group nginx -%define with_cpp_test 0 -%define with_google_perftools 0 -%define with_fancyindex 1 -%define fancyindex_version 0.3.5 -%if 0%{?suse_version} <= 1310 +# +%if %{with systemd} +%define ngx_pid_path /run/nginx.pid +%define ngx_lock_path /run/nginx.lock +%else %define ngx_pid_path %{_localstatedir}/run/nginx.pid %define ngx_lock_path %{_localstatedir}/run/nginx.lock -%else -%define ngx_pid_path /run/nginx.pid -%define ngx_lock_path /run/nginx.lock -%endif -%if 0%{?suse_version} != 1315 -%define with_libatomic 1 -%endif -%if 0%{?suse_version} >= 1220 -# passenger is required by webyast -%if 0%{?suse_version} > 1310 -%define with_passenger 0 -%else -%define with_passenger 1 -%endif -%endif -%if 0%{?suse_version} >= 1210 -%define with_systemd 1 -BuildRequires: systemd -%{?systemd_requires} %endif +# Name: nginx Version: 1.8.0 Release: 0 +%define fancyindex_version 0.3.5 Summary: A HTTP server and IMAP/POP3 proxy server License: BSD-2-Clause Group: Productivity/Networking/Web/Proxy @@ -91,35 +95,32 @@ BuildRequires: pcre-devel BuildRequires: pkgconfig BuildRequires: zlib-devel %requires_eq perl -Requires(pre): %fillup_prereq +Requires(pre): %fillup_prereq Requires(pre): %insserv_prereq Requires(pre): pwdutils Recommends: logrotate -Conflicts: otherproviders(nginx) +Conflicts: otherproviders(nginx) Provides: http_daemon Provides: httpd BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?suse_version} == 1310 -Patch7: nginx-1.4.2-passenger-4.0.18.patch -Patch8: nginx-1.8.0-passenger-4.0.18.patch -%endif -%if 0%{?suse_version} <= 1310 -BuildRequires: GeoIP-devel -%else +# +%if 0%{?suse_version} > 1310 BuildRequires: libGeoIP-devel +%else +BuildRequires: GeoIP-devel %endif -%if 0%{?with_google_perftools} +# +%if %{with google_perftools} BuildRequires: google-perftools-devel %endif -%if 0%{?with_libatomic} +# +%if %{with libatomic} BuildRequires: libatomic-ops-devel %endif -%if 0%{?with_passenger} -BuildRequires: curl-devel -BuildRequires: ruby-devel -BuildRequires: rubygem-passenger -BuildRequires: rubygem-passenger-devel-static -Recommends: packageand(rubygem-passenger:rubygem-passenger-nginx) +# +%if %{with systemd} +BuildRequires: systemd +%{?systemd_requires} %endif %description @@ -127,7 +128,7 @@ nginx [engine x] is a HTTP server and IMAP/POP3 proxy server written by Igor Sys It has been running on many heavily loaded Russian sites for more than two years. %prep -%if 0%{?with_fancyindex} +%if %{with fancyindex} %setup -q -n %{pkg_name}-%{version} -b4 %else %setup -q -n %{pkg_name}-%{version} @@ -141,26 +142,14 @@ It has been running on many heavily loaded Russian sites for more than two years perl -pi -e 's|\r\n|\n|g' contrib/geo2nginx.pl -%if 0%{?with_passenger} -cp -a %{_libdir}/ruby/gems/%{rb_ver}/gems/passenger-* passenger -%if 0%{?suse_version} < 1310 -if [[ -f "passenger/ext/common/libpassenger_common.a" ]] || \ - [[ -f "passenger/ext/common/libboost_oxt.a" ]]; then - rm -r passenger/ext/common/libboost_oxt* passenger/ext/common/libpassenger_common* -fi -%endif -%patch7 -%patch8 -%endif - -%if 0%{with_fancyindex} +%if %{with fancyindex} mkdir -p ngx-fancyindex-%{fancyindex_version} pushd ../ngx-fancyindex-%{fancyindex_version} cp -r template* LICENSE *.rst $RPM_BUILD_DIR/%{pkg_name}-%{version}/ngx-fancyindex-%{fancyindex_version}/ popd %endif -%if 0%{?suse_version} > 1310 +%if %{with systemd} sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init %endif @@ -181,13 +170,13 @@ sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init --user=nginx --group=nginx \ --without-select_module \ --without-poll_module \ - --with-file-aio \ --with-threads \ + --with-file-aio \ --with-ipv6 \ --with-http_ssl_module \ -%if 0%{?suse_version} > 1220 + %if %{with http2} --with-http_spdy_module \ -%endif + %endif --with-http_realip_module \ --with-http_addition_module \ --with-http_xslt_module \ @@ -209,19 +198,16 @@ sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init --with-mail \ --with-mail_ssl_module \ --with-pcre \ - %if 0%{?with_libatomic} + %if %{with libatomic} --with-libatomic \ %endif - %if 0%{?with_passenger} - --add-module=passenger/ext/nginx \ - %endif - %if 0%{?with_google_perftools} + %if %{with google_perftools} --with-google_perftools_module \ %endif - %if 0%{?with_cpp_test} + %if %{with cpp_test} --with-cpp_test_module \ %endif - %if 0%{with_fancyindex} + %if %{with fancyindex} --add-module=../ngx-fancyindex-%{fancyindex_version} \ %endif --with-md5=%{_prefix} \ @@ -242,7 +228,7 @@ install -d -m 0750 %{buildroot}%{ngx_home}/{,tmp,proxy,fastcgi,scgi,uwsgi} install -D -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{pkg_name} -%if 0%{?with_systemd} +%if %{with systemd} install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/nginx.service ln -s -f %{_sbindir}/service %{buildroot}%{_sbindir}/rcnginx %else @@ -253,21 +239,21 @@ ln -s -f %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name} rm %{buildroot}/srv/www/htdocs/index.html %post -%if 0%{?with_systemd} +%if %{with systemd} %service_add_post nginx.service %else %fillup_and_insserv %{pkg_name} %endif %preun -%if 0%{?with_systemd} +%if %{with systemd} %service_del_preun nginx.service %else %stop_on_removal %{pkg_name} %endif %postun -%if 0%{?with_systemd} +%if %{with systemd} %service_del_postun nginx.service %else %restart_on_update %{pkg_name} @@ -278,7 +264,7 @@ rm %{buildroot}/srv/www/htdocs/index.html %{_sbindir}/groupadd -r %{ngx_user_group} &>/dev/null ||: %{_sbindir}/useradd -g %{ngx_user_group} -s /bin/false -r -c "user for %{ngx_user_group}" -d %{ngx_home} %{ngx_user_group} &>/dev/null ||: -%if 0%{?with_systemd} +%if %{with systemd} %service_add_pre nginx.service %endif @@ -319,10 +305,10 @@ rm %{buildroot}/srv/www/htdocs/index.html %dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_uwsgi} %doc CHANGES* %doc conf/ contrib/ -%if 0%{with_fancyindex} +%if %{with fancyindex} %doc ngx-fancyindex-%{fancyindex_version}/ %endif -%if 0%{?with_systemd} +%if %{with systemd} %{_unitdir}/nginx.service %else %{_sysconfdir}/init.d/%{pkg_name} From 452e7dc03b4dd89424111955008c93682e27f8fbba5fbcea8ceb0a946cd161d0 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Fri, 16 Oct 2015 15:10:00 +0000 Subject: [PATCH 2/6] - replace custom "kill -QUIT" with the kill signal setting in the service file OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=55 --- nginx-1.4.2-passenger-4.0.18.patch | 82 ------------------ nginx-1.8.0-passenger-4.0.18.patch | 131 ----------------------------- nginx.changes | 6 ++ nginx.service | 7 +- 4 files changed, 11 insertions(+), 215 deletions(-) delete mode 100644 nginx-1.4.2-passenger-4.0.18.patch delete mode 100644 nginx-1.8.0-passenger-4.0.18.patch diff --git a/nginx-1.4.2-passenger-4.0.18.patch b/nginx-1.4.2-passenger-4.0.18.patch deleted file mode 100644 index c4b6410..0000000 --- a/nginx-1.4.2-passenger-4.0.18.patch +++ /dev/null @@ -1,82 +0,0 @@ -Index: passenger/build/common_library.rb -=================================================================== ---- passenger.orig/build/common_library.rb -+++ passenger/build/common_library.rb -@@ -34,7 +34,7 @@ require 'phusion_passenger/common_librar - # Defines tasks for compiling a static library containing Boost and OXT. - def define_libboost_oxt_task(namespace, output_dir, extra_compiler_flags = nil) - output_file = "#{output_dir}.a" -- flags = "-Iext #{extra_compiler_flags} #{PlatformInfo.portability_cflags} #{EXTRA_CXXFLAGS}" -+ flags = "-Iext #{extra_compiler_flags} #{PlatformInfo.portability_cflags} #{EXTRA_CXXFLAGS} -fPIC #{ENV['RPM_OPT_FLAGS']} " - - if false && boolean_option('RELEASE') - # Disable RELEASE support. Passenger Standalone wants to link to the -@@ -126,7 +126,7 @@ if USE_VENDORED_LIBEV - ] - file LIBEV_OUTPUT_DIR + "Makefile" => dependencies do - # Disable all warnings: http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod#COMPILER_WARNINGS -- cflags = "#{EXTRA_CXXFLAGS} -w" -+ cflags = "#{EXTRA_CXXFLAGS} #{ENV['RPM_OPT_FLAGS']} -w" - sh "mkdir -p #{LIBEV_OUTPUT_DIR}" if !File.directory?(LIBEV_OUTPUT_DIR) - sh "cd #{LIBEV_OUTPUT_DIR} && sh #{LIBEV_SOURCE_DIR}configure " + - "--disable-shared --enable-static CFLAGS='#{cflags}' orig_CFLAGS=1" -@@ -174,7 +174,7 @@ if USE_VENDORED_LIBEIO - file LIBEIO_OUTPUT_DIR + "Makefile" => dependencies do - # Disable all warnings. The author has a clear standpoint on that: - # http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod#COMPILER_WARNINGS -- cflags = "#{EXTRA_CXXFLAGS} -w" -+ cflags = "#{EXTRA_CXXFLAGS} #{ENV['RPM_OPT_FLAGS']} -w" - sh "mkdir -p #{LIBEIO_OUTPUT_DIR}" if !File.directory?(LIBEIO_OUTPUT_DIR) - sh "cd #{LIBEIO_OUTPUT_DIR} && sh #{LIBEIO_SOURCE_DIR}configure " + - "--disable-shared --enable-static CFLAGS='#{cflags}'" -@@ -183,6 +183,7 @@ if USE_VENDORED_LIBEIO - libeio_sources = Dir["ext/libeio/{*.c,*.h}"] - file LIBEIO_OUTPUT_DIR + ".libs/libeio.a" => [LIBEIO_OUTPUT_DIR + "Makefile"] + libeio_sources do - sh "rm -f #{LIBEIO_OUTPUT_DIR}/libeio.la" -+ sh "cd #{LIBEIO_OUTPUT_DIR} && make eio.o" - sh "cd #{LIBEIO_OUTPUT_DIR} && make libeio.la" - end - -Index: passenger/ext/boost/libs/thread/src/pthread/thread.cpp -=================================================================== ---- passenger.orig/ext/boost/libs/thread/src/pthread/thread.cpp -+++ passenger/ext/boost/libs/thread/src/pthread/thread.cpp -@@ -376,6 +376,7 @@ namespace boost - boost::throw_exception(thread_resource_error(system::errc::invalid_argument, "boost thread: thread not joinable")); - #endif - } -+ return false; - } - - bool thread::joinable() const BOOST_NOEXCEPT -Index: passenger/ext/nginx/StaticContentHandler.c -=================================================================== ---- passenger.orig/ext/nginx/StaticContentHandler.c -+++ passenger/ext/nginx/StaticContentHandler.c -@@ -67,13 +67,6 @@ passenger_static_content_handler(ngx_htt - return NGX_DECLINED; - } - -- #if (PASSENGER_NGINX_MINOR_VERSION == 8 && PASSENGER_NGINX_MICRO_VERSION < 38) || \ -- (PASSENGER_NGINX_MINOR_VERSION == 7 && PASSENGER_NGINX_MICRO_VERSION < 66) -- if (r->zero_in_uri) { -- return NGX_DECLINED; -- } -- #endif -- - log = r->connection->log; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0, -Index: passenger/lib/phusion_passenger/common_library.rb -=================================================================== ---- passenger.orig/lib/phusion_passenger/common_library.rb -+++ passenger/lib/phusion_passenger/common_library.rb -@@ -101,7 +101,7 @@ class CommonLibraryBuilder - end - - def define_tasks(extra_compiler_flags = nil) -- flags = "-Iext -Iext/common #{LIBEV_CFLAGS} #{extra_compiler_flags} " -+ flags = "-Iext -Iext/common #{LIBEV_CFLAGS} #{extra_compiler_flags} -fPIC #{ENV['RPM_OPT_FLAGS']} " - flags << "#{PlatformInfo.portability_cflags} #{EXTRA_CXXFLAGS}" - flags.strip! - diff --git a/nginx-1.8.0-passenger-4.0.18.patch b/nginx-1.8.0-passenger-4.0.18.patch deleted file mode 100644 index c97ce0f..0000000 --- a/nginx-1.8.0-passenger-4.0.18.patch +++ /dev/null @@ -1,131 +0,0 @@ -Index: passenger/ext/nginx/Configuration.c -=================================================================== ---- passenger.orig/ext/nginx/Configuration.c 2015-06-24 23:29:12.725985654 +0800 -+++ passenger/ext/nginx/Configuration.c 2015-06-24 23:02:39.654901783 +0800 -@@ -261,7 +261,11 @@ - conf->upstream_config.pass_request_body = NGX_CONF_UNSET; - - #if (NGX_HTTP_CACHE) -- conf->upstream_config.cache = NGX_CONF_UNSET_PTR; -+ #if NGINX_VERSION_NUM >= 1007009 -+ conf->upstream_config.cache = NGX_CONF_UNSET_PTR; -+ #else -+ conf->upstream_config.cache = NGX_CONF_UNSET; -+ #endif - conf->upstream_config.cache_min_uses = NGX_CONF_UNSET_UINT; - conf->upstream_config.cache_bypass = NGX_CONF_UNSET_PTR; - conf->upstream_config.no_cache = NGX_CONF_UNSET_PTR; -@@ -270,6 +274,9 @@ - conf->upstream_config.cache_lock = NGX_CONF_UNSET; - conf->upstream_config.cache_lock_timeout = NGX_CONF_UNSET_MSEC; - #endif -+ #if NGINX_VERSION_NUM >= 1007008 -+ conf->upstream_config.cache_lock_age = NGX_CONF_UNSET_MSEC; -+ #endif - #endif - - conf->upstream_config.intercept_errors = NGX_CONF_UNSET; -@@ -374,15 +381,34 @@ - /******************************/ - /******************************/ - -- if (conf->upstream_config.store != 0) { -- ngx_conf_merge_value(conf->upstream_config.store, -- prev->upstream_config.store, 0); -+ #if (NGX_HTTP_CACHE) && NGINX_VERSION_NUM >= 1007009 -+ if (conf->upstream_config.store > 0) { -+ conf->upstream_config.cache = 0; -+ } -+ if (conf->upstream_config.cache > 0) { -+ conf->upstream_config.store = 0; -+ } -+ #endif -+ -+ #if NGINX_VERSION_NUM >= 1007009 -+ if (conf->upstream_config.store == NGX_CONF_UNSET) { -+ ngx_conf_merge_value(conf->upstream_config.store, -+ prev->upstream_config.store, 0); - -- if (conf->upstream_config.store_lengths == NULL) { - conf->upstream_config.store_lengths = prev->upstream_config.store_lengths; - conf->upstream_config.store_values = prev->upstream_config.store_values; - } -- } -+ #else -+ if (conf->upstream_config.store != 0) { -+ ngx_conf_merge_value(conf->upstream_config.store, -+ prev->upstream_config.store, 0); -+ -+ if (conf->upstream_config.store_lengths == NULL) { -+ conf->upstream_config.store_lengths = prev->upstream_config.store_lengths; -+ conf->upstream_config.store_values = prev->upstream_config.store_values; -+ } -+ } -+ #endif - - ngx_conf_merge_uint_value(conf->upstream_config.store_access, - prev->upstream_config.store_access, 0600); -@@ -526,20 +552,42 @@ - - #if (NGX_HTTP_CACHE) - -- ngx_conf_merge_ptr_value(conf->upstream_config.cache, -- prev->upstream_config.cache, NULL); -+ #if NGINX_VERSION_NUM >= 1007009 -+ if (conf->upstream_config.cache == NGX_CONF_UNSET) { -+ ngx_conf_merge_value(conf->upstream_config.cache, -+ prev->upstream_config.cache, 0); -+ -+ conf->upstream_config.cache_zone = prev->upstream_config.cache_zone; -+ conf->upstream_config.cache_value = prev->upstream_config.cache_value; -+ } - -- if (conf->upstream_config.cache && conf->upstream_config.cache->data == NULL) { -- ngx_shm_zone_t *shm_zone; -+ if (conf->upstream_config.cache_zone && conf->upstream_config.cache_zone->data == NULL) { -+ ngx_shm_zone_t *shm_zone; - -- shm_zone = conf->upstream_config.cache; -+ shm_zone = conf->upstream_config.cache_zone; - - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -- "\"scgi_cache\" zone \"%V\" is unknown", -- &shm_zone->shm.name); -+ "\"scgi_cache\" zone \"%V\" is unknown", -+ &shm_zone->shm.name); - -- return NGX_CONF_ERROR; -- } -+ return NGX_CONF_ERROR; -+ } -+ #else -+ ngx_conf_merge_ptr_value(conf->upstream_config.cache, -+ prev->upstream_config.cache, NULL); -+ -+ if (conf->upstream_config.cache && conf->upstream_config.cache->data == NULL) { -+ ngx_shm_zone_t *shm_zone; -+ -+ shm_zone = conf->upstream_config.cache; -+ -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "\"scgi_cache\" zone \"%V\" is unknown", -+ &shm_zone->shm.name); -+ -+ return NGX_CONF_ERROR; -+ } -+ #endif - - ngx_conf_merge_uint_value(conf->upstream_config.cache_min_uses, - prev->upstream_config.cache_min_uses, 1); -@@ -585,6 +633,11 @@ - prev->upstream_config.cache_lock_timeout, 5000); - #endif - -+ #if NGINX_VERSION_NUM >= 1007008 -+ ngx_conf_merge_msec_value(conf->upstream_config.cache_lock_age, -+ prev->upstream_config.cache_lock_age, 5000); -+ #endif -+ - #endif - - ngx_conf_merge_value(conf->upstream_config.pass_request_headers, diff --git a/nginx.changes b/nginx.changes index 0c39192..f75f037 100644 --- a/nginx.changes +++ b/nginx.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Oct 16 15:08:28 UTC 2015 - mrueckert@suse.de + +- replace custom "kill -QUIT" with the kill signal setting in + the service file + ------------------------------------------------------------------- Fri Oct 16 15:01:17 UTC 2015 - mrueckert@suse.de diff --git a/nginx.service b/nginx.service index ee6679d..579d7df 100644 --- a/nginx.service +++ b/nginx.service @@ -3,11 +3,14 @@ Description=The nginx HTTP and reverse proxy server After=network.target remote-fs.target nss-lookup.target [Service] +PIDFile=/run/nginx.pid ExecStartPre=/usr/sbin/nginx -t ExecStart=/usr/sbin/nginx -g "daemon off;" ExecReload=/bin/kill -s HUP $MAINPID -ExecStop=/bin/kill -s QUIT $MAINPID +KillSignal=SIGQUIT +TimeoutStopSec=5 +KillMode=mixed PrivateTmp=true [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target From cef2be01b137a25746f6256bf9376a7cc79f22f2a7f07bc438319a9de83e7437 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Fri, 16 Oct 2015 15:18:14 +0000 Subject: [PATCH 3/6] - use libGeoIP-devel everywhere OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=56 --- nginx.changes | 5 +++++ nginx.spec | 4 ---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/nginx.changes b/nginx.changes index f75f037..ad3002a 100644 --- a/nginx.changes +++ b/nginx.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Oct 16 15:17:30 UTC 2015 - mrueckert@suse.de + +- use libGeoIP-devel everywhere + ------------------------------------------------------------------- Fri Oct 16 15:08:28 UTC 2015 - mrueckert@suse.de diff --git a/nginx.spec b/nginx.spec index 86d396f..595c29d 100644 --- a/nginx.spec +++ b/nginx.spec @@ -104,11 +104,7 @@ Provides: http_daemon Provides: httpd BuildRoot: %{_tmppath}/%{name}-%{version}-build # -%if 0%{?suse_version} > 1310 BuildRequires: libGeoIP-devel -%else -BuildRequires: GeoIP-devel -%endif # %if %{with google_perftools} BuildRequires: google-perftools-devel From 37d0b5a7dc5b2be7c6d609baa6d118685e1bab1cacbbbaeec3d6aec4482b3582 Mon Sep 17 00:00:00 2001 From: Marguerite Su Date: Thu, 28 Jan 2016 02:13:05 +0000 Subject: [PATCH 4/6] Accepting request 356414 from home:MargueriteSu:branches:server:http security release OBS-URL: https://build.opensuse.org/request/show/356414 OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=57 --- nginx-1.8.0.tar.gz | 3 --- nginx-1.8.1.tar.gz | 3 +++ nginx.changes | 38 ++++++++++++++++++++++++++++++++++++++ nginx.spec | 5 +++-- 4 files changed, 44 insertions(+), 5 deletions(-) delete mode 100644 nginx-1.8.0.tar.gz create mode 100644 nginx-1.8.1.tar.gz diff --git a/nginx-1.8.0.tar.gz b/nginx-1.8.0.tar.gz deleted file mode 100644 index 8288adf..0000000 --- a/nginx-1.8.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 -size 832104 diff --git a/nginx-1.8.1.tar.gz b/nginx-1.8.1.tar.gz new file mode 100644 index 0000000..904d138 --- /dev/null +++ b/nginx-1.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 +size 833473 diff --git a/nginx.changes b/nginx.changes index ad3002a..bdff046 100644 --- a/nginx.changes +++ b/nginx.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Thu Jan 28 01:36:01 UTC 2016 - i@marguerite.su + +- update version 1.8.1 stable + * Security: invalid pointer dereference might occur during DNS server + response processing if the "resolver" directive was used, allowing an + attacker who is able to forge UDP packets from the DNS server to + cause segmentation fault in a worker process (CVE-2016-0742). + * Security: use-after-free condition might occur during CNAME response + processing if the "resolver" directive was used, allowing an attacker + who is able to trigger name resolution to cause segmentation fault in + a worker process, or might have potential other impact + (CVE-2016-0746). + * Security: CNAME resolution was insufficiently limited if the + "resolver" directive was used, allowing an attacker who is able to + trigger arbitrary name resolution to cause excessive resource + consumption in worker processes (CVE-2016-0747). + * Bugfix: the "proxy_protocol" parameter of the "listen" directive did + not work if not specified in the first "listen" directive for a + listen socket. + * Bugfix: nginx might fail to start on some old Linux variants; the bug + had appeared in 1.7.11. + * Bugfix: a segmentation fault might occur in a worker process if the + "try_files" and "alias" directives were used inside a location given + by a regular expression; the bug had appeared in 1.7.1. + * Bugfix: the "try_files" directive inside a nested location given by a + regular expression worked incorrectly if the "alias" directive was + used in the outer location. + * Bugfix: "header already sent" alerts might appear in logs when using + cache; the bug had appeared in 1.7.5. + * Bugfix: a segmentation fault might occur in a worker process if + different ssl_session_cache settings were used in different virtual + servers. + * Bugfix: the "expires" directive might not work when using variables. + * Bugfix: if nginx was built with the ngx_http_spdy_module it was + possible to use the SPDY protocol even if the "spdy" parameter of the + "listen" directive was not specified. + ------------------------------------------------------------------- Fri Oct 16 15:17:30 UTC 2015 - mrueckert@suse.de diff --git a/nginx.spec b/nginx.spec index 595c29d..5e1dd17 100644 --- a/nginx.spec +++ b/nginx.spec @@ -1,7 +1,7 @@ # # spec file for package nginx # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + %bcond_with cpp_test %bcond_with google_perftools %bcond_without fancyindex @@ -62,7 +63,7 @@ %endif # Name: nginx -Version: 1.8.0 +Version: 1.8.1 Release: 0 %define fancyindex_version 0.3.5 Summary: A HTTP server and IMAP/POP3 proxy server From e611ce2c01f8f20efea1dc8ac8875962f940d2dc8d3602266bdcdf01fc13e45c Mon Sep 17 00:00:00 2001 From: Marguerite Su Date: Thu, 28 Jan 2016 02:27:35 +0000 Subject: [PATCH 5/6] OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=58 --- nginx.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nginx.changes b/nginx.changes index bdff046..b1cff8e 100644 --- a/nginx.changes +++ b/nginx.changes @@ -52,6 +52,8 @@ Fri Oct 16 15:01:17 UTC 2015 - mrueckert@suse.de - clean up conditionals and use bcond_with* everywhere - drop passenger support for now + * drop nginx-1.8.0-passenger-4.0.18.patch + * drop nginx-1.4.2-passenger-4.0.18.patch ------------------------------------------------------------------- Thu Jun 11 14:55:50 UTC 2015 - i@marguerite.su From 053eebd6c55205d98e7fbcc275ce0d190194b6f81d3c5a99be14662f9d81d680 Mon Sep 17 00:00:00 2001 From: Marguerite Su Date: Sun, 31 Jan 2016 03:21:11 +0000 Subject: [PATCH 6/6] Accepting request 356721 from home:AndreasStieger:branches:server:http add bugzilla references OBS-URL: https://build.opensuse.org/request/show/356721 OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=59 --- nginx.changes | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nginx.changes b/nginx.changes index b1cff8e..b509558 100644 --- a/nginx.changes +++ b/nginx.changes @@ -5,16 +5,16 @@ Thu Jan 28 01:36:01 UTC 2016 - i@marguerite.su * Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to - cause segmentation fault in a worker process (CVE-2016-0742). + cause segmentation fault in a worker process (CVE-2016-0742). boo#963781  * Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact - (CVE-2016-0746). + (CVE-2016-0746). boo#963778  * Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource - consumption in worker processes (CVE-2016-0747). + consumption in worker processes (CVE-2016-0747). boo#963775  * Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work if not specified in the first "listen" directive for a listen socket.