Accepting request 1194200 from server:http

- Renamed nginx-1.6.1-default_config.patch to nginx-conf.patch. - Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch. - Used atosetup -p1 macro and replaced editor from perl to sed. - Added %check section with gpg signature source verification. - Updated to 1.27.1 * https://nginx.org/en/CHANGES * Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347). * Now the stream module handler is not mandatory. * Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes. OBS-URL: https://build.opensuse.org/request/show/1194200 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=91
2024-08-17 10:40:46 +00:00 · 2024-08-17 10:40:46 +00:00 · aa2afd662f
commit aa2afd662f
parent 0cabb334ee 6670ffcf84
8 changed files with 74 additions and 60 deletions
--- a/nginx-1.27.0.tar.gz
+++ b/nginx-1.27.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b7230e3cf87eaa2d4b0bc56aadc920a960c7873b9991a1b66ffcc08fc650129c
-size 1244887
--- a/nginx-1.27.0.tar.gz.asc
+++ b/nginx-1.27.0.tar.gz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQJHBAABCAAxFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoFAmZXPGwTHHMua2FuZGF1
-cm92QGY1LmNvbQAKCRDIRk1UmvdcCuP2EACiocOUQaVfOWCfm01ZA47KcW02UUNk
-U8gIZD4iu6ENVKw6ZwO3CpKpwnhixfmNnvKfsYdV+clgLtSk2F5ism82uXSDR4Bs
-K8q8SSFnCRltUf9AAddF7fEW3PyWlSW94cICAQLaVBOiRlSmg4ats/pdMR/9za0C
-0cg8nCnR3xiFr2LAqZgKXUkC1J3XNIg3r8v2YD1mAURi3h//w4UfNOvJ8/dhIDFy
-+SJuaA8uRjS2T1tEhXd91qqmxyfXliR+aYo4PGtpWp+rlFoOZK8jJK3ux0KmlgSr
-FpqCIV9uwOt9Ha29bdn8/R0LYnmozoVMkfWjAg6U4pUNXHq8x1TURGahy/TtxqLl
-F3H3lz39ioNvLqpSr83B+LKsKXgyjfIe+3JJf6GNPQDjdZyEdK78TLl2fDNZA4Pw
-Q3miCdUnGk/FwcJUVsC8pPCTFDGvnesR5+oXRQe1WhSY7mvv86QMbD6H6MteXq87
-dY96qleMIw2VS3VYNqmMaGJoRL/DJyYQF1ChdiNN5bqJBJMrrtNjDFDzJrMOcIrD
-w/L40pgZy7HOPX6Tbd5aV8yc32y7AM59Mttibarc+N8qYyQeUOOAt+3sw4aL0/WC
-zZznDF4Gj6Pbi9rn4L4RD6Bt5pLal6y4Y4M2m34/x4mfhbFQUnmwzu+F4kD83a9p
-cfoao+a5Gr4Plw==
-=SMAJ
-----END PGP SIGNATURE-----
--- a/nginx-1.27.1.tar.gz
+++ b/nginx-1.27.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bd7ba68a6ce1ea3768b771c7e2ab4955a59fb1b1ae8d554fedb6c2304104bdfc
+size 1245244
--- a/nginx-1.27.1.tar.gz.asc
+++ b/nginx-1.27.1.tar.gz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCAAxFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoFAma7Vi8THHMua2FuZGF1
+cm92QGY1LmNvbQAKCRDIRk1UmvdcCtRUEACjv3LHnzN3J1c6h5C9cKTjIIKa4PgA
+fM8o41QenN6HMQ8a0ww8zH2zdDUxVr9OgNBV0sqtsL5SX+BuMTjGC75M5qgk45yd
+E6FMk2tJ69wVqmN1zP5sYV5n7dmt89mh7W3J3lO4XpgqCQcogmmyMg+1Z9vvO4Nt
+VvYO7w45oEqc5rb7IjWtktNS3jjf2Kat6azhOvrbMjuCUt/pOBJiM11diLmURtEx
+xE5It7bFwoywJUtjF7XUMeOGljH5VnxTLuIlq/5FkAYklu484B2iLHidhCLfq7g7
+9FJO3XatFrRefA7ryawZ9AnQtrLIt0YZdIEweoOxp16kj3mCmqhF/aeBNAcnQUAM
+EZLX/BBYA6cog8YuWffan9G5EYvul0tdXK5DQF8vUjBfw54aI4YnA5TDtSMniBEJ
+SJrUCbKazGFwd+K94IrGD8EwypEC+M3gQovNn34NikLr1Xe8Uz3i2x7y0OgYxbUh
+hH+ilD5XS0bHfueydYIKl85muwFtiIs3b0EhfvGf4z5d2DmvZ3/cYxjYpzZG0r7L
+WckCqgj2uVXvR3phDqpm0aNd8C+4sho+PQmXon8PbIpjuVLvQhz0XiH6D7H61wks
+XWNvBFHNjeBJYjaZQQ/2kAKfdwdpYTYvDd3Rlnscn3BNQvu9prWUDCYiNHMnNnOB
+ueop2LrbK54ogg==
+=bwlL
+-----END PGP SIGNATURE-----
--- a/nginx-1.6.1-default_config.patch
+++ b/nginx-1.6.1-default_config.patch
@ -1,24 +1,27 @@
-Index: conf/nginx.conf
-===================================================================
--- conf/nginx.conf.orig
-+++ conf/nginx.conf
-@@ -1,16 +1,25 @@
+diff -Pdpru nginx-1.27.1.orig/conf/nginx.conf nginx-1.27.1/conf/nginx.conf
+--- nginx-1.27.1.orig/conf/nginx.conf	2024-08-12 17:21:01.000000000 +0300
+++ nginx-1.27.1/conf/nginx.conf	2024-08-16 02:08:46.680107766 +0300
+@@ -1,16 +1,28 @@
+#user nginx nginx;
+#worker_processes 1;
+#pcre_jit off;
 
 -#user  nobody;
-+#user  nginx;
- worker_processes  1;
- 
-#error_log  logs/error.log;
-#error_log  logs/error.log  notice;
-#error_log  logs/error.log  info;
+-worker_processes  1;
 +# load_module #LIBDIR#/nginx/modules/ngx_http_echo_module.so;
+# load_module #LIBDIR#/nginx/modules/ngx_http_fancyindex_module.so;
+# load_module #LIBDIR#/nginx/modules/ngx_http_geoip2_module.so;
 +# load_module #LIBDIR#/nginx/modules/ngx_http_image_filter_module.so;
 +# load_module #LIBDIR#/nginx/modules/ngx_http_lua_module.so;
 +# load_module #LIBDIR#/nginx/modules/ngx_http_perl_module.so;
 +# load_module #LIBDIR#/nginx/modules/ngx_http_xslt_filter_module.so;
 +# load_module #LIBDIR#/nginx/modules/ngx_mail_module.so;
+# load_module #LIBDIR#/nginx/modules/ngx_stream_geoip2_module.so;
 +# load_module #LIBDIR#/nginx/modules/ngx_stream_module.so;
-+
+ 
+-#error_log  logs/error.log;
+-#error_log  logs/error.log  notice;
+-#error_log  logs/error.log  info;
 +#error_log  /var/log/nginx/error.log;
 +#error_log  /var/log/nginx/error.log  notice;
 +#error_log  /var/log/nginx/error.log  info;
@ -33,7 +36,7 @@ Index: conf/nginx.conf
 }
 
 
-@@ -22,7 +32,7 @@ http {
+@@ -22,7 +34,7 @@ http {
     #                  '$status $body_bytes_sent "$http_referer" '
     #                  '"$http_user_agent" "$http_x_forwarded_for"';
 
@ -42,7 +45,7 @@ Index: conf/nginx.conf
 
     sendfile        on;
     #tcp_nopush     on;
-@@ -32,16 +42,18 @@ http {
+@@ -32,16 +44,18 @@ http {
 
     #gzip  on;
 
@ -63,7 +66,7 @@ Index: conf/nginx.conf
             index  index.html index.htm;
         }
 
-@@ -51,7 +63,7 @@ http {
+@@ -51,7 +65,7 @@ http {
         #
         error_page   500 502 503 504  /50x.html;
         location = /50x.html {
@ -72,7 +75,7 @@ Index: conf/nginx.conf
         }
 
         # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-@@ -63,7 +75,7 @@ http {
+@@ -63,7 +77,7 @@ http {
         # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
         #
         #location ~ \.php$ {
@ -81,7 +84,7 @@ Index: conf/nginx.conf
         #    fastcgi_pass   127.0.0.1:9000;
         #    fastcgi_index  index.php;
         #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-@@ -87,7 +99,7 @@ http {
+@@ -87,7 +101,7 @@ http {
     #    server_name  somename  alias  another.alias;
 
     #    location / {
@ -90,7 +93,7 @@ Index: conf/nginx.conf
     #        index  index.html index.htm;
     #    }
     #}
-@@ -102,6 +114,10 @@ http {
+@@ -102,6 +116,10 @@ http {
     #    ssl_certificate      cert.pem;
     #    ssl_certificate_key  cert.key;
 
@ -101,7 +104,7 @@ Index: conf/nginx.conf
     #    ssl_session_cache    shared:SSL:1m;
     #    ssl_session_timeout  5m;
 
-@@ -109,9 +125,11 @@ http {
+@@ -109,9 +127,11 @@ http {
     #    ssl_prefer_server_ciphers  on;
 
     #    location / {
--- a/nginx-1.2.4-perl_vendor_install.patch
+++ b/nginx-1.2.4-perl_vendor_install.patch
@ -1,8 +1,7 @@
-Index: auto/install
-===================================================================
--- auto/install.orig
-+++ auto/install
-@@ -8,7 +8,7 @@ if [ $USE_PERL = YES ]; then
+diff -Pdpru nginx-1.27.1.orig/auto/install nginx-1.27.1/auto/install
+--- nginx-1.27.1.orig/auto/install	2024-08-12 17:21:01.000000000 +0300
+++ nginx-1.27.1/auto/install	2024-08-16 01:34:07.040688796 +0300
+@@ -8,7 +8,7 @@ if [ $USE_PERL != NO ]; then
     cat << END                                                >> $NGX_MAKEFILE
 
 install_perl_modules:
--- a/nginx.changes
+++ b/nginx.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Aug 16 02:21:19 UTC 2024 - Илья Индиго <ilya@ilya.top>
+
+- Renamed nginx-1.6.1-default_config.patch to nginx-conf.patch.
+- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
+- Used atosetup -p1 macro and replaced editor from perl to sed.
+- Added %check section with gpg signature source verification.
+- Updated to 1.27.1
+  * https://nginx.org/en/CHANGES
+  * Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
+  * Now the stream module handler is not mandatory.
+  * Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
+
 -------------------------------------------------------------------
 Fri May 31 08:48:36 UTC 2024 - Илья Индиго <ilya@ilya.top>

--- a/nginx.spec
+++ b/nginx.spec
@ -23,7 +23,7 @@
 %bcond_with    ngx_google_perftools
 #
 Name:           nginx
-Version:        1.27.0
+Version:        1.27.1
 Release:        0
 Summary:        A HTTP server and IMAP/POP3 proxy server
 License:        BSD-2-Clause
@ -41,13 +41,14 @@ Patch0:         %{name}-1.11.2-no_Werror.patch
 # PATCH-FIX-OPENSUSE nginx-1.11.2-html.patch
 Patch1:         %{name}-1.11.2-html.patch
 # PATCH-FIX-UPSTREAM nginx-1.2.4-perl_vendor_install.patch
-Patch2:         %{name}-1.2.4-perl_vendor_install.patch
+Patch2:         %{name}-perl.patch
 # PATCH-FIX-UPSTREAM fix /etc/nginx/nginx.conf to suit Linux env
-Patch3:         %{name}-1.6.1-default_config.patch
+Patch3:         %{name}-conf.patch
 # PATCH-FIX-UPSTREAM nginx-aio.patch fix support for Linux AIO
 Patch4:         %{name}-aio.patch
 BuildRequires:  %{name}-macros
 BuildRequires:  gcc-c++
+BuildRequires:  gpg2
 BuildRequires:  libatomic-ops-devel
 BuildRequires:  pkgconfig
 BuildRequires:  sysuser-shadow
@ -96,19 +97,13 @@ BuildArch:      noarch
 The source of %{name} [engine x] HTTP server and IMAP/POP3 proxy server.

 %prep
-%setup -q
-%patch -P 0 -p1
-%patch -P 1 -p1
-%patch -P 2
-%patch -P 3
-%patch -P 4 -p1
+%autosetup -p1

-perl -pi -e 's|\r\n|\n|g' contrib/geo2nginx.pl
-# we just use lib here because nginx loads them relative to _prefix
-perl -pi -e 's|#LIBDIR#|%{_lib}|g' conf/nginx.conf
+sed -i 's/\r//g' contrib/geo2nginx.pl
+sed -i 's|#LIBDIR#|%{_libdir}|g' conf/nginx.conf

 %if %{with systemd}
-sed -i "s/\/var\/run/\/run/" conf/nginx.conf
+sed -i 's/\/var\/run/\/run/' conf/nginx.conf
 %endif

 sed -i 's/^\(#define NGX_LISTEN_BACKLOG \).*/\1-1/' src/os/unix/ngx_linux_config.h
@ -127,7 +122,6 @@ install -dpm0750 %{buildroot}%{ngx_home}/{,tmp,proxy,fastcgi,scgi,uwsgi}
 install -Dpm0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
 install -Dpm0644 %{SOURCE5} %{buildroot}%{_unitdir}/%{name}.service
 install -Dpm0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/%{name}.conf
-ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}

 rm %{buildroot}/srv/www/htdocs/index.html

@ -155,6 +149,12 @@ copydocs() {
  popd
 }

+%check
+GPGTMP=`mktemp -d`
+gpg --homedir $GPGTMP -q --no-default-keyring --keyring $GPGTMP/.gpg-keyring --trust-model always --import %{SOURCE2}
+gpg --homedir $GPGTMP -q --no-default-keyring --keyring $GPGTMP/.gpg-keyring --trust-model always -q --verify -- %{SOURCE1} %{SOURCE0}
+rm -r $GPGTMP
+
 %pre -f %{name}.pre
 %service_add_pre %{name}.service

@ -198,7 +198,6 @@ copydocs() {
 %{ngx_module_dir}/ngx_stream_module.so
 %{_mandir}/man3/%{name}.3pm*
 /srv/www/htdocs/50x.html
-%{_sbindir}/rc%{name}
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 %dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{_localstatedir}/log/nginx/
 %dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_home}/