From 4b0afe6fe83a48b5c055510bf5121386e4756408fbbe11cefd079adb60b1a702 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Wed, 5 Aug 2020 12:10:58 +0000 Subject: [PATCH 1/2] Accepting request 824381 from home:dirkmueller:branches:server:http - update nginx-1.6.1-default_config.patch: * remove geoip_module which is no longer compiled (bsc#1156202) OBS-URL: https://build.opensuse.org/request/show/824381 OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=174 --- check_1.9.2+.patch | 6 +++--- nginx-1.6.1-default_config.patch | 30 +++++++++++++++--------------- nginx-aio.patch | 14 +++++++------- nginx.changes | 6 ++++++ 4 files changed, 31 insertions(+), 25 deletions(-) diff --git a/check_1.9.2+.patch b/check_1.9.2+.patch index 5fe4e75..17e0e84 100644 --- a/check_1.9.2+.patch +++ b/check_1.9.2+.patch @@ -12,7 +12,7 @@ Index: src/http/modules/ngx_http_upstream_hash_module.c typedef struct { uint32_t hash; -@@ -235,6 +238,15 @@ ngx_http_upstream_get_hash_peer(ngx_peer +@@ -238,6 +241,15 @@ ngx_http_upstream_get_hash_peer(ngx_peer goto next; } @@ -28,7 +28,7 @@ Index: src/http/modules/ngx_http_upstream_hash_module.c if (peer->max_fails && peer->fails >= peer->max_fails && now - peer->checked <= peer->fail_timeout) -@@ -538,6 +550,15 @@ ngx_http_upstream_get_chash_peer(ngx_pee +@@ -560,6 +572,15 @@ ngx_http_upstream_get_chash_peer(ngx_pee continue; } @@ -58,7 +58,7 @@ Index: src/http/modules/ngx_http_upstream_ip_hash_module.c typedef struct { /* the round robin data must be first */ -@@ -205,6 +208,15 @@ ngx_http_upstream_get_ip_hash_peer(ngx_p +@@ -208,6 +211,15 @@ ngx_http_upstream_get_ip_hash_peer(ngx_p goto next; } diff --git a/nginx-1.6.1-default_config.patch b/nginx-1.6.1-default_config.patch index 2b2871f..7c85a06 100644 --- a/nginx-1.6.1-default_config.patch +++ b/nginx-1.6.1-default_config.patch @@ -1,6 +1,8 @@ ---- conf/nginx.conf.orig 2018-03-28 11:56:48.834012377 +0200 -+++ conf/nginx.conf 2018-03-28 13:16:09.978372767 +0200 -@@ -1,16 +1,28 @@ +Index: conf/nginx.conf +=================================================================== +--- conf/nginx.conf.orig ++++ conf/nginx.conf +@@ -1,16 +1,26 @@ -#user nobody; +#user nginx; @@ -10,14 +12,12 @@ -#error_log logs/error.log notice; -#error_log logs/error.log info; +# load_module #LIBDIR#/nginx/modules/ngx_http_fancyindex_module.so; -+# load_module #LIBDIR#/nginx/modules/ngx_http_geoip_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_http_headers_more_filter_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_http_image_filter_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_http_perl_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_http_xslt_filter_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_mail_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_rtmp_module.so; -+# load_module #LIBDIR#/nginx/modules/ngx_stream_geoip_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_stream_module.so; + +#error_log /var/log/nginx/error.log; @@ -34,7 +34,7 @@ } -@@ -22,7 +34,7 @@ +@@ -22,7 +32,7 @@ http { # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; @@ -43,7 +43,7 @@ sendfile on; #tcp_nopush on; -@@ -32,16 +44,18 @@ +@@ -32,16 +42,18 @@ http { #gzip on; @@ -64,7 +64,7 @@ index index.html index.htm; } -@@ -51,7 +65,7 @@ +@@ -51,7 +63,7 @@ http { # error_page 500 502 503 504 /50x.html; location = /50x.html { @@ -73,7 +73,7 @@ } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 -@@ -63,7 +77,7 @@ +@@ -63,7 +75,7 @@ http { # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { @@ -82,7 +82,7 @@ # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; -@@ -87,7 +101,7 @@ +@@ -87,7 +99,7 @@ http { # server_name somename alias another.alias; # location / { @@ -91,18 +91,18 @@ # index index.html index.htm; # } #} -@@ -101,6 +115,10 @@ - +@@ -102,6 +114,10 @@ http { # ssl_certificate cert.pem; # ssl_certificate_key cert.key; -+ + + # Allow TLS version 1.2 only, which is a recommended default these days + # by international information security standards. + # ssl_protocols TLSv1.2; - ++ # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; -@@ -109,9 +127,11 @@ + +@@ -109,9 +125,11 @@ http { # ssl_prefer_server_ciphers on; # location / { diff --git a/nginx-aio.patch b/nginx-aio.patch index e4f91f1..4561643 100644 --- a/nginx-aio.patch +++ b/nginx-aio.patch @@ -1,8 +1,8 @@ -Index: nginx-1.11.3/auto/unix +Index: nginx-1.19.1/auto/unix =================================================================== ---- nginx-1.11.3.orig/auto/unix -+++ nginx-1.11.3/auto/unix -@@ -531,7 +531,12 @@ if [ $NGX_FILE_AIO = YES ]; then +--- nginx-1.19.1.orig/auto/unix ++++ nginx-1.19.1/auto/unix +@@ -559,7 +559,12 @@ if [ $NGX_FILE_AIO = YES ]; then ngx_feature="Linux AIO support (SYS_eventfd)" ngx_feature_incs="#include #include " @@ -16,10 +16,10 @@ Index: nginx-1.11.3/auto/unix iocb.aio_lio_opcode = IOCB_CMD_PREAD; iocb.aio_flags = IOCB_FLAG_RESFD; iocb.aio_resfd = -1; -Index: nginx-1.11.3/src/event/modules/ngx_epoll_module.c +Index: nginx-1.19.1/src/event/modules/ngx_epoll_module.c =================================================================== ---- nginx-1.11.3.orig/src/event/modules/ngx_epoll_module.c -+++ nginx-1.11.3/src/event/modules/ngx_epoll_module.c +--- nginx-1.19.1.orig/src/event/modules/ngx_epoll_module.c ++++ nginx-1.19.1/src/event/modules/ngx_epoll_module.c @@ -77,9 +77,7 @@ int epoll_wait(int epfd, struct epoll_ev #if (NGX_HAVE_FILE_AIO) diff --git a/nginx.changes b/nginx.changes index c83fbfd..25dd339 100644 --- a/nginx.changes +++ b/nginx.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Aug 4 19:10:24 UTC 2020 - Dirk Mueller + +- update nginx-1.6.1-default_config.patch: + * remove geoip_module which is no longer compiled (bsc#1156202) + ------------------------------------------------------------------- Wed Jul 8 11:52:53 UTC 2020 - Илья Индиго From 63a9c6337ed7502a23232360f1eaa23ff244c799439eaff8a0b814e013dc04c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Wed, 12 Aug 2020 15:37:32 +0000 Subject: [PATCH 2/2] Accepting request 826073 from home:13ilya:branches:server:http - Update to 1.19.2 * https://nginx.org/en/CHANGES * Now nginx starts closing keepalive connections before all free worker connections are exhausted, and logs a warning about this to the error log. * Optimization of client request body reading when using chunked transfer encoding. * Memory leak if the "ssl_ocsp" directive was used. * "zero size buf in output" alerts might appear in logs if a FastCGI server returned an incorrect response; the bug had appeared in 1.19.1. * A segmentation fault might occur in a worker process if different large_client_header_buffers sizes were used in different virtual servers. * SSL shutdown might not work. * "SSL_shutdown() failed (SSL: ... bad write retry)" messages might appear in logs. * In the ngx_http_slice_module. * In the ngx_http_xslt_filter_module. OBS-URL: https://build.opensuse.org/request/show/826073 OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=175 --- nginx-1.19.1.tar.gz | 3 --- nginx-1.19.1.tar.gz.asc | 10 ---------- nginx-1.19.2.tar.gz | 3 +++ nginx-1.19.2.tar.gz.asc | 10 ++++++++++ nginx.changes | 23 +++++++++++++++++++++++ nginx.spec | 2 +- 6 files changed, 37 insertions(+), 14 deletions(-) delete mode 100644 nginx-1.19.1.tar.gz delete mode 100644 nginx-1.19.1.tar.gz.asc create mode 100644 nginx-1.19.2.tar.gz create mode 100644 nginx-1.19.2.tar.gz.asc diff --git a/nginx-1.19.1.tar.gz b/nginx-1.19.1.tar.gz deleted file mode 100644 index 9f3067c..0000000 --- a/nginx-1.19.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a004776c64ed3c5c7bc9b6116ba99efab3265e6b81d49a57ca4471ff90655492 -size 1047223 diff --git a/nginx-1.19.1.tar.gz.asc b/nginx-1.19.1.tar.gz.asc deleted file mode 100644 index b372521..0000000 --- a/nginx-1.19.1.tar.gz.asc +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEcBAABCAAGBQJfBJuCAAoJEFIKmZOhwFL4bi4IAJkDNzxLU+lGvxNUHm47llu9 -bHavC4HJW30Tjd5Hzujku7u6XR1F9HkoJQ6xaFqFNLMIQ5TYRTCIzJYLmB0LdJTY -ZlvDbY8YAnUHsMMJjkN6Mg5DUpaP/DahgyAu9flUgsMK3BK8dJ+CKPCsKerbTaqp -GHY79PwNHaCras6rQMrqioZHR46zeW5queOYF/V2yABBiujN4jWbTiT10pYwCXzp -Hqnn0lSVJpqfV9DoeWvs/+hDmy50iZVv8tBruyo5KEGE/gE5xxyEsCOE+4XELXxw -JHKB82Gr6pYlQ7xudz2N/CflNdSDprVLz7z3LVBmusTBZVwEHuIx+Jp7QMPbXQY= -=Nuff ------END PGP SIGNATURE----- diff --git a/nginx-1.19.2.tar.gz b/nginx-1.19.2.tar.gz new file mode 100644 index 0000000..7dd7144 --- /dev/null +++ b/nginx-1.19.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7c1f7bb13e79433ee930c597d272a64bc6e30c356a48524f38fd34fa88d62473 +size 1048727 diff --git a/nginx-1.19.2.tar.gz.asc b/nginx-1.19.2.tar.gz.asc new file mode 100644 index 0000000..e52e245 --- /dev/null +++ b/nginx-1.19.2.tar.gz.asc @@ -0,0 +1,10 @@ +-----BEGIN PGP SIGNATURE----- + +iQEcBAABCAAGBQJfMrFNAAoJEFIKmZOhwFL4WMoIAKr8bbm3cFCCZxS7ZJsbMcSU +fDxb+aUHrAPu7vJAU+NNjVynbU3enFMUOTJzRtkC5IeLqkIblAC+e/lCBttlu1qv +H6C+UFmBFHmy9FYW0InmwF4UUMPIp1EGCbpcJylUcZtMNkF3whT3lUZ/y7nREaZZ +r0UWYG2pdFCliCTP0F8Atr2S1eNvx6gwrdbqdH07rmPbsnwr7tTnRVDpUfrvdC5U +jN03YY2P92iwLo4hYns7bo0aJOv8dIjZgNwEf6uELt+2YC4AXp6bDRv2JCfs/Y52 +euRY91RNyQ98xIw7z0Djy367ST6W35uc8wuSQDO6uKcpcJrQfmKMRFg/UF1FPic= +=U9Bw +-----END PGP SIGNATURE----- diff --git a/nginx.changes b/nginx.changes index 25dd339..db4957a 100644 --- a/nginx.changes +++ b/nginx.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Wed Aug 12 15:23:16 UTC 2020 - Илья Индиго + +- Update to 1.19.2 + * https://nginx.org/en/CHANGES + * Now nginx starts closing keepalive connections before all free + worker connections are exhausted, and logs a warning about this + to the error log. + * Optimization of client request body reading when using chunked + transfer encoding. + * Memory leak if the "ssl_ocsp" directive was used. + * "zero size buf in output" alerts might appear in logs if a + FastCGI server returned an incorrect response; the bug had + appeared in 1.19.1. + * A segmentation fault might occur in a worker process if + different large_client_header_buffers sizes were used in + different virtual servers. + * SSL shutdown might not work. + * "SSL_shutdown() failed (SSL: ... bad write retry)" messages + might appear in logs. + * In the ngx_http_slice_module. + * In the ngx_http_xslt_filter_module. + ------------------------------------------------------------------- Tue Aug 4 19:10:24 UTC 2020 - Dirk Mueller diff --git a/nginx.spec b/nginx.spec index ae75058..beb1d18 100644 --- a/nginx.spec +++ b/nginx.spec @@ -76,7 +76,7 @@ %endif # Name: nginx -Version: 1.19.1 +Version: 1.19.2 Release: 0 Summary: A HTTP server and IMAP/POP3 proxy server License: BSD-2-Clause